Re: svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 s
O. Hartmann wrote: > > To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org" > [... deleted ...] > > > buildworld seems to be broken on this commit: Ah! I did a buildworld, but build the 4th version of loader. Sorry, will fix. > > [...] > --- all_subdir_stand --- > --- lstd.o --- > /usr/src/stand/liblua/lstd.c:86:44: error: too few arguments to function call, > expected 5, have 4 if (verify_file(fd, filename, 0, VE_GUESS) < 0) { > ~~~ ^ > /usr/src/lib/libsecureboot/h/verify_file.h:50:1: note: 'verify_file' declared > here int verify_file(int, const char *, off_t, int, const char *); > ^ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 s
On Mon, 9 Mar 2020 07:05:46 +0100 "O. Hartmann" wrote: > On Sun, 8 Mar 2020 17:42:43 + (UTC) > "Simon J. Gerraty" wrote: > > > Author: sjg > > Date: Sun Mar 8 17:42:42 2020 > > New Revision: 358744 > > URL: https://svnweb.freebsd.org/changeset/base/358744 > > > > Log: > > veloader use vectx API for kernel and modules > > > > The vectx API, computes the hash for verifying a file as it is read. > > This avoids the overhead of reading files twice - once to verify, then > > again to load. > > > > For doing an install via loader, avoiding the need to rewind > > large files is critical. > > > > This API is only used for modules, kernel and mdimage as these are the > > biggest files read by the loader. > > The reduction in boot time depends on how expensive the I/O is > > on any given platform. On a fast VM we see 6% improvement. > > > > For install via loader the first file to be verified is likely to be the > > kernel, so some of the prep work (finding manifest etc) done by > > verify_file() needs to be factored so it can be reused for > > vectx_open(). > > > > For missing or unrecognized fingerprint entries, we fail > > in vectx_open() unless verifying is disabled. > > > > Otherwise fingerprint check happens in vectx_close() and > > since this API is only used for files which must be verified > > (VE_MUST) we panic if we get an incorrect hash. > > > > Reviewed by: imp,tsoome > > MFC after:1 week > > Sponsored by: Juniper Networks > > Differential Revision:https://reviews.freebsd.org//D23827 > > > > Modified: > > head/lib/libsecureboot/h/libsecureboot.h > > head/lib/libsecureboot/h/verify_file.h > > head/lib/libsecureboot/tests/tvo.c > > head/lib/libsecureboot/vectx.c > > head/lib/libsecureboot/verify_file.c > > head/share/mk/src.opts.mk > > head/stand/common/bootstrap.h > > head/stand/common/interp_forth.c > > head/stand/common/interp_simple.c > > head/stand/common/load_elf.c > > head/stand/common/load_elf_obj.c > > head/stand/common/misc.c > > head/stand/common/module.c > > head/stand/efi/loader/arch/i386/i386_copy.c > > head/stand/efi/loader/copy.c > > head/stand/efi/loader/loader_efi.h > > head/stand/efi/loader/main.c > > head/stand/ficl/loader.c > > head/stand/i386/libi386/i386_copy.c > > head/stand/i386/libi386/libi386.h > > head/stand/i386/loader/chain.c > > head/stand/libofw/libofw.h > > head/stand/libofw/ofw_copy.c > > head/stand/loader.mk > > head/stand/mips/beri/loader/arch.c > > head/stand/powerpc/kboot/main.c > > head/stand/uboot/lib/copy.c > > head/stand/uboot/lib/libuboot.h > > head/stand/userboot/userboot/copy.c > > head/stand/userboot/userboot/libuserboot.h > > > > To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org" > [... deleted ...] > > > buildworld seems to be broken on this commit: > > [...] > --- all_subdir_stand --- > --- lstd.o --- > /usr/src/stand/liblua/lstd.c:86:44: error: too few arguments to function call, > expected 5, have 4 if (verify_file(fd, filename, 0, VE_GUESS) < 0) { > ~~~ ^ > /usr/src/lib/libsecureboot/h/verify_file.h:50:1: note: 'verify_file' declared > here int verify_file(int, const char *, off_t, int, const char *); > ^ > 1 error generated. > [...] > > Building host is CURRENT, FreeBSD 13.0-CURRENT #118 r358695: Fri Mar 6 > 12:48:00 CET 2020 amd64: > > kind regards, > > oh > ___ > svn-src-h...@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/svn-src-head > To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org" The problem reported seems to occur when WITH_BEARSSL=YES is enabled in /etc/src.conf. ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 s
On Sun, 8 Mar 2020 17:42:43 + (UTC) "Simon J. Gerraty" wrote: > Author: sjg > Date: Sun Mar 8 17:42:42 2020 > New Revision: 358744 > URL: https://svnweb.freebsd.org/changeset/base/358744 > > Log: > veloader use vectx API for kernel and modules > > The vectx API, computes the hash for verifying a file as it is read. > This avoids the overhead of reading files twice - once to verify, then > again to load. > > For doing an install via loader, avoiding the need to rewind > large files is critical. > > This API is only used for modules, kernel and mdimage as these are the > biggest files read by the loader. > The reduction in boot time depends on how expensive the I/O is > on any given platform. On a fast VM we see 6% improvement. > > For install via loader the first file to be verified is likely to be the > kernel, so some of the prep work (finding manifest etc) done by > verify_file() needs to be factored so it can be reused for > vectx_open(). > > For missing or unrecognized fingerprint entries, we fail > in vectx_open() unless verifying is disabled. > > Otherwise fingerprint check happens in vectx_close() and > since this API is only used for files which must be verified > (VE_MUST) we panic if we get an incorrect hash. > > Reviewed by:imp,tsoome > MFC after: 1 week > Sponsored by: Juniper Networks > Differential Revision: https://reviews.freebsd.org//D23827 > > Modified: > head/lib/libsecureboot/h/libsecureboot.h > head/lib/libsecureboot/h/verify_file.h > head/lib/libsecureboot/tests/tvo.c > head/lib/libsecureboot/vectx.c > head/lib/libsecureboot/verify_file.c > head/share/mk/src.opts.mk > head/stand/common/bootstrap.h > head/stand/common/interp_forth.c > head/stand/common/interp_simple.c > head/stand/common/load_elf.c > head/stand/common/load_elf_obj.c > head/stand/common/misc.c > head/stand/common/module.c > head/stand/efi/loader/arch/i386/i386_copy.c > head/stand/efi/loader/copy.c > head/stand/efi/loader/loader_efi.h > head/stand/efi/loader/main.c > head/stand/ficl/loader.c > head/stand/i386/libi386/i386_copy.c > head/stand/i386/libi386/libi386.h > head/stand/i386/loader/chain.c > head/stand/libofw/libofw.h > head/stand/libofw/ofw_copy.c > head/stand/loader.mk > head/stand/mips/beri/loader/arch.c > head/stand/powerpc/kboot/main.c > head/stand/uboot/lib/copy.c > head/stand/uboot/lib/libuboot.h > head/stand/userboot/userboot/copy.c > head/stand/userboot/userboot/libuserboot.h > > To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org" [... deleted ...] buildworld seems to be broken on this commit: [...] --- all_subdir_stand --- --- lstd.o --- /usr/src/stand/liblua/lstd.c:86:44: error: too few arguments to function call, expected 5, have 4 if (verify_file(fd, filename, 0, VE_GUESS) < 0) { ~~~ ^ /usr/src/lib/libsecureboot/h/verify_file.h:50:1: note: 'verify_file' declared here int verify_file(int, const char *, off_t, int, const char *); ^ 1 error generated. [...] Building host is CURRENT, FreeBSD 13.0-CURRENT #118 r358695: Fri Mar 6 12:48:00 CET 2020 amd64: kind regards, oh ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 s
Sorry, this header was in the diff I checked just before commit, but somehow it got left behind. Should be fixed now. r358767 Ed Maste wrote: > On Sun, 8 Mar 2020 at 13:42, Simon J. Gerraty wrote: > > > > Author: sjg > > Date: Sun Mar 8 17:42:42 2020 > > New Revision: 358744 > > URL: > > https://urldefense.com/v3/__https://svnweb.freebsd.org/changeset/base/358744__;!!NEt6yMaO-gk!UN1BS-3MIiR9SzEXAP4CaXw9L8Y3jVsZwKB6fbjrjIiZGgrRXFp5uE0oPx-XgA$ > > > > > > Log: > > veloader use vectx API for kernel and modules > > CI reports the build is now broken: > 18:12:46 --- geliboot.o --- > 18:12:46 In file included from /usr/src/stand/libsa/geli/geliboot.c:33: > 18:12:46 In file included from > /usr/src/stand/libsa/geli/geliboot_internal.h:43: > 18:12:46 /usr/src/stand/common/bootstrap.h:36:10: fatal error: > 'readin.h' file not found > 18:12:46 #include "readin.h" > 18:12:46 ^~ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
Re: svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 s
On Sun, 8 Mar 2020 at 13:42, Simon J. Gerraty wrote: > > Author: sjg > Date: Sun Mar 8 17:42:42 2020 > New Revision: 358744 > URL: https://svnweb.freebsd.org/changeset/base/358744 > > Log: > veloader use vectx API for kernel and modules CI reports the build is now broken: 18:12:46 --- geliboot.o --- 18:12:46 In file included from /usr/src/stand/libsa/geli/geliboot.c:33: 18:12:46 In file included from /usr/src/stand/libsa/geli/geliboot_internal.h:43: 18:12:46 /usr/src/stand/common/bootstrap.h:36:10: fatal error: 'readin.h' file not found 18:12:46 #include "readin.h" 18:12:46 ^~ ___ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"