On 7 Aug 2024, at 00:30, Warner Losh <[email protected]> wrote: > > The branch main has been updated by imp: > > URL: > https://cgit.FreeBSD.org/src/commit/?id=7ee781e2bfc2558060dec95564414a0bff4415c1 > > commit 7ee781e2bfc2558060dec95564414a0bff4415c1 > Author: Warner Losh <[email protected]> > AuthorDate: 2024-08-05 21:16:37 +0000 > Commit: Warner Losh <[email protected]> > CommitDate: 2024-08-06 23:22:36 +0000 > > loader: Document that WITH_BEARSSL may need other tweaks > > /boot/loader is right up aginst the 500k limit we have to make sure > everything works in a wide variety of environments. However, adding > WITH_BEARSSL can push it over the edge since we are so close to the > limit with it enabled. One may also need to increase LOADERSIZE when > enabling it. It's often safe to go much higher, especially when you > don't plan on using pxeldr. Document this trade off here.
Can you please mention i386/amd64/x86/whatever and BIOS up front in the descriptions here? As it stands it reads like a lot of historic FreeBSD documentation that assumes you’re dealing with x86 + BIOS. Jess > MFC After: 3 days > Sponsored by: Netflix > Reviewed by: sjg, markj > Differential Revision: https://reviews.freebsd.org/D46211 > --- > tools/build/options/WITH_BEARSSL | 19 +++++++++++++++++++ > tools/build/options/WITH_LOADER_VERIEXEC | 2 ++ > 2 files changed, 21 insertions(+) > > diff --git a/tools/build/options/WITH_BEARSSL > b/tools/build/options/WITH_BEARSSL > index 6a4447d723ed..9dcebbf1ae30 100644 > --- a/tools/build/options/WITH_BEARSSL > +++ b/tools/build/options/WITH_BEARSSL > @@ -8,3 +8,22 @@ This library is currently only used to perform > signature verification and related operations > for Verified Exec and > .Xr loader 8 . > +.Pp > +Due to size constraints, one may need to set > +.Va LOADERSIZE > +larger than the > +default 500000, although often loader is under the 500k limit even with > +this option. > +Setting > +.Va LOADERSIZE > +larger than 500000 may cause > +.Xr pxeboot 8 > +to be too large to work. > +Careful testing of the loader in the target environment when built with a > larger > +limit to establish safe limits is critical because different BIOS > environments > +reserve differing amounts of the low 640k space, making a precise limit for > +everybody impossible. > +.Pp > +See also > +.Va WITH_LOADER_PXEBOOT > +for other considerations. > diff --git a/tools/build/options/WITH_LOADER_VERIEXEC > b/tools/build/options/WITH_LOADER_VERIEXEC > index a50ff9a317e6..d784df968949 100644 > --- a/tools/build/options/WITH_LOADER_VERIEXEC > +++ b/tools/build/options/WITH_LOADER_VERIEXEC > @@ -4,3 +4,5 @@ with support for verification similar to Verified Exec. > .Pp > Depends on > .Va WITH_BEARSSL . > +May require a larger > +.Va LOADERSIZE .
