From owner-svn-src-head@freebsd.org Mon Jul 30 18:05:36 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4D978105CFC3; Mon, 30 Jul 2018 18:05:36 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ED5017D4DC; Mon, 30 Jul 2018 18:05:35 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com [209.85.208.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 8A24BC662; Mon, 30 Jul 2018 18:05:35 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-lj1-f178.google.com with SMTP id f8-v6so11332822ljk.1; Mon, 30 Jul 2018 11:05:35 -0700 (PDT) X-Gm-Message-State: AOUpUlEJg/g6Pi6Gv+5oFkKVuJBOhTJzUZcs7in6NxTevGp2AjoDX7Df BlEyNHphZPuA/vYjTO0wvptquUGU3AdCdyftWag= X-Google-Smtp-Source: AAOMgpcvHcpQc69IwpQiO/Oo/BNizSC52ppUMRDML98EyRNYcjn9wf7ZA1VMhOpGcsMD2J/HPwgvGCrvkTj4ejpbqmI= X-Received: by 2002:a2e:8617:: with SMTP id a23-v6mr64489lji.43.1532973934130; Mon, 30 Jul 2018 11:05:34 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a2e:5742:0:0:0:0:0 with HTTP; Mon, 30 Jul 2018 11:05:13 -0700 (PDT) In-Reply-To: References: <201807301740.w6UHeRM0077138@repo.freebsd.org> <20180730175923.vtha72pcvzilsspu@mutt-hbsd> From: Kyle Evans Date: Mon, 30 Jul 2018 13:05:13 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r336919 - head/sys/dev/efidev To: Warner Losh Cc: Shawn Webb , src-committers , svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jul 2018 18:05:36 -0000 On Mon, Jul 30, 2018 at 1:01 PM, Warner Losh wrote: > On Mon, Jul 30, 2018 at 11:59 AM, Shawn Webb > wrote: >> >> On Mon, Jul 30, 2018 at 05:40:27PM +0000, Kyle Evans wrote: >> > Author: kevans >> > Date: Mon Jul 30 17:40:27 2018 >> > New Revision: 336919 >> > URL: https://svnweb.freebsd.org/changeset/base/336919 >> > >> > Log: >> > efirt: Add tunable to allow disabling EFI Runtime Services >> > >> > Leading up to enabling EFIRT in GENERIC, allow runtime services to be >> > disabled with a new tunable: efi.rt_disabled. This makes it so that >> > EFIRT >> > can be disabled easily in case we run into some buggy UEFI >> > implementation >> > and fail to boot. >> > >> > Discussed with: imp, kib >> > MFC after: 1 week >> > >> > Modified: >> > head/sys/dev/efidev/efirt.c >> > >> > Modified: head/sys/dev/efidev/efirt.c >> > >> > ============================================================================== >> > --- head/sys/dev/efidev/efirt.c Mon Jul 30 17:03:15 2018 >> > (r336918) >> > +++ head/sys/dev/efidev/efirt.c Mon Jul 30 17:40:27 2018 >> > (r336919) >> > @@ -133,7 +133,12 @@ efi_init(void) >> > struct efi_md *map; >> > caddr_t kmdp; >> > size_t efisz; >> > + int rt_disabled; >> > >> > + rt_disabled = 0; >> > + TUNABLE_INT_FETCH("efi.rt_disabled", &rt_disabled); >> >> Would it be a good idea to document this tunable in loader(8)? >> >> Thanks, >> >> -- >> Shawn Webb >> Cofounder and Security Engineer >> HardenedBSD >> >> Tor-ified Signal: +1 443-546-8752 >> Tor+XMPP+OTR: lattera@is.a.hacker.sx >> GPG Key ID: 0x6A84658F52456EEE >> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE > > It would be a good idea to make it like the other tuneables. > > efi.rt.enabled=0 would be the pattern. > In that case, I'll change this to efi.rt.disabled to more closely match newbus hinting, and I'll document it in loader(8) in the process.