On Fri, Aug 3, 2018, 10:17 PM Tommi Pernila <tommi.pernila_at_iki.fi> wrote:

> On Fri, 3 Aug 2018 at 20.17, Warner Losh <imp_at_bsdimp.com> wrote:
>
> > On Fri, Aug 3, 2018, 5:58 PM Ian Lepore <ian_at_freebsd.org> wrote:
> >
> > > On Fri, 2018-08-03 at 19:54 +0300, Tommi Pernila wrote:
> > > > On Tue, 10 Jul 2018 at 1.05, Warner Losh <imp_at_bsdimp.com> wrote:
> > > >
> > > > > I have this in my tree already...
> > > > >
> > > > > Warner
> > > > >
> > > > > On Mon, Jul 9, 2018, 10:28 AM Allan Jude <allanjude_at_freebsd.org> wrote:
> > > > >
> > > > > > I will look at updating the rootgen.sh script this evening, to support
> > > > > > creating more flexible ESP partitions, so we can drop the loader.efi
> > > > > > into an msdosfs directly.
> > > > > >
> > > > > > On 07/08/2018 15:31, Ian Lepore wrote:
> > > > > > > On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
> > > > > > > > Hi!
> > > > > > > >
> > > > > > > > Have you or Warner any update on this code?
> > > > > > > >
> > > > > > > > On Thursday, April 12, 2018, Eric McCorkle <eric_at_metricspace.net> wrote:
> > > > > > > >
> > > > > > > Are you aware of https://reviews.freebsd.org/D15743 ?
> > > > > > >
> > > > > > > That's my changes to add geli support to loader(8) in an architecture-agnostic
> > > > > > > way, so that "it just works" for all platforms and flavors of loader. It has
> > > > > > > been successfully tested on armv6/7 (ubldr) and on x86 using qemu. The x86 tests
> > > > > > > cover ufs and zfs, legacy bios and uefi. The only variations that aren't tested
> > > > > > > yet are the uefi flavors, because the current rootgen.sh script for assembling
> > > > > > > test images is still using boot1.efi and I don't know enough about efi myself
> > > > > > > to update the script to make it assemble images the new way Warner envisions.
> > > > > > >
> > > > > > > -- Ian
> > > > > > >
> > > > > > > > > I'm in the middle of moving to a new apartment right now. It's going to
> > > > > > > > > be a bit before I can get to this.
> > > > > > > > >
> > > > > > > > > On 04/11/2018 20:31, Warner Losh wrote:
> > > > > > > > > > OK. I've pushed in the main part of it. The additional work I have
> > > > > > > > > > shouldn't affect any of this stuff. I was going to look at what part(s)
> > > > > > > > > > of your open reviewed needed to be redone tomorrow and send you
> > > > > > > > > > feedback, but if you wanted to get a start before then, I'm happy to
> > > > > > > > > > answer questions. All the rest of my work is going to be selecting the
> > > > > > > > > > root partition when we're told to use a specific partition, so will be
> > > > > > > > > > very constrained.
> > > > > > > > > >
> > > > > > > > > > Warner
> > > > > > > > > >
> > > > > > > > > > On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle <eric_at_metricspace.net> wrote:
> > > > > > > > > >
> > > > > > > > > >     I think the thing to do at this point is to wait for the current work on
> > > > > > > > > >     loader.efi to land, then adapt my patches to apply against that work.
> > > > > > > > > >
> > > > > > > > > >     On 04/11/2018 15:06, Warner Losh wrote:
> > > > > > > > > > > Still reviewing the code. I'm worried it's too i386 specific and it
> > > > > > > > > > > conflicts with some work I'm doing. I'll have a list of actionable
> > > > > > > > > > > critiques this week.
> > > > > > > > > > >
> > > > > > > > > > > Warner
> > > > > > > > > > >
> > > > > > > > > > > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter <oliver.pinter_at_hardenedbsd.org> wrote:
> > > > > > > > > > >
> > > > > > > > > > >     Hi!
> > > > > > > > > > >
> > > > > > > > > > >     Is there any update regarding the rebase or the inclusion to base system?
> > > > > > > > > > >
> > > > > > > > > > >     On 3/28/18, Eric McCorkle <eric_at_metricspace.net> wrote:
> > > > > > > > > > > > I'll do another rebase from head just to be sure
> > > > > > > > > > > >
> > > > > > > > > > > > On March 28, 2018 3:23:23 PM EDT, Warner Losh <imp_at_bsdimp.com> wrote:
> > > > > > > > > > > > > It's on my list for next, finally. I have an alternate patch for loader.efi
> > > > > > > > > > > > > from ESP, but I don't think it will affect the GELI stuff. I have some time
> > > > > > > > > > > > > slotted for integration issues though.
> > > > > > > > > > > > >
> > > > > > > > > > > > > I am quite mindful of the freeze dates.... I have some uefi boot loader
> > > > > > > > > > > > > protocol changes that I need to get in.
> > > > > > > > > > > > >
> > > > > > > > > > > > > Warner
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Feb 21, 2018 11:18 PM, "Tommi Pernila" <tommi.pernila_at_iki.fi> wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > > Awesome, thanks for the update and the work that you have done!
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Now we just need some more reviewers' eyes on the code :)
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Br,
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Tommi
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On Thu, 22 Feb 2018 at 2.03, Eric McCorkle <eric_at_metricspace.net> wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > FYI, I just IFC'ed everything, and the current patches are still fine.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Also, the full GELI + standalone loader has been deployed on one of my
> > > > > > > > > > > > > > > laptops for some time now.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > On 02/21/2018 18:15, Eric McCorkle wrote:
> > > > > > > > > > > > > > > > The GELI work could be merged at this point, though it won't be usable
> > > > > > > > > > > > > > > > without an additional patch to enable loader-only operation. The
> > > > > > > > > > > > > > > > patches are currently up for review:
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > This is the order in which they'd need to be merged:
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > https://reviews.freebsd.org/D12732
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > This one changes the efipart device. Toomas Soome identified some
> > > > > > > > > > > > > > > > problems, which I have addressed. He has not re-reviewed it, however.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > https://reviews.freebsd.org/D12692
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > This adds some crypto code needed for GELI. It simply adds new code,
> > > > > > > > > > > > > > > > and doesn't conflict with anything.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > https://reviews.freebsd.org/D12698
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > This adds the EFI KMS interface code, and has the EFI loader pass keys
> > > > > > > > > > > > > > > > into the keybuf interface.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > I can't post the main GELI driver until those get merged, as it depends
> > > > > > > > > > > > > > > > on them. It can be found on the geli branch on my github freebsd
> > > > > > > > > > > > > > > > repository, however.
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > Additionally, you need this patch, which allows loader.efi to function
> > > > > > > > > > > > > > > > when installed directly to the ESP:
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > https://reviews.freebsd.org/D13497
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > On 02/20/2018 22:56, Tommi Pernila wrote:
> > > > > > > > > > > > > > > > > Hi Eric,
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > could you provide a brief update how the work is going?
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > Br,
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > Tommi
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > On Nov 16, 2017 04:29, "Eric McCorkle" <eric_at_metricspace.net> wrote:
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > >     Right, so basically, the remaining GELI patches are against loader, and
> > > > > > > > > > > > > > > > >     most of them can go in independently of the work on removing boot1.
> > > > > > > > > > > > > > > > >     There's a unanimous consensus on getting rid of boot1 which includes its
> > > > > > > > > > > > > > > > >     original author, so that's going to happen.
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > >     For GELI, we have the following (not necessarily in order):
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > >     a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
> > > > > > > > > > > > > > > > >        interactions
> > > > > > > > > > > > > > > > >     b) Modifications to the efipart driver
> > > > > > > > > > > > > > > > >     c) boot crypto
> > > > > > > > > > > > > > > > >     d) GELI partition types (not strictly necessary)
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > >     Then there's the GELI driver itself. (a) and (c) are good to land, (b)
> > > > > > > > > > > > > > > > >     needs some more work after Toomas Soome pointed out a legitimate
> > > > > > > > > > > > > > > > >     problem, and (d) actually needs a good bit more code (but again, it's
> > > > > > > > > > > > > > > > >     more cosmetic). Additionally, the GELI driver will need further mods to
> > > > > > > > > > > > > > > > >     efipart to be written (nothing too big). But we could go ahead with (a)
> > > > > > > > > > > > > > > > >     and (c), as they've already been proven to work.
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > >     I'd wanted to have this stuff shaped up sooner, but I'm preoccupied with
> > > > > > > > > > > > > > > > >     the 7th RISC-V workshop at the end of the month.
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > >     Once this stuff is all in, loader should handle any GELI volumes it
> > > > > > > > > > > > > > > > >     finds, and it should Just Work once boot1 is gone.
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > _______________________________________________
> > > > > > > > > > > > > > > > freebsd-current_at_freebsd.org mailing list
> > > > > > > > > > > > > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-current
> > > > > > > > > > > > > > > > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
> > > > > > > > > > > >
> > > > > > > > > > > > --
> > > > > > > > > > > > Sent from my Android device with K-9 Mail. Please excuse my brevity.
> > > > > >
> > > > > > --
> > > > > > Allan Jude
> > > >
> > > > Hi all,
> > > >
> > > > could anyone comment on the overall status of this feature?
> > > > Is it going to make in 12.0 as its code freeze is nearing up?
> > > >
> > > > Br,
> > > >
> > > > Tommi
> > >
> > > I'm not sure what part of the above mix of top- and bottom-posted
> > > replies you're asking about. The support for GELI when booting from
> > > UEFI is already in 12-current. I don't know anything about the "boot
> > > environments" stuff (like, even what it means).
> >
> > After Ian's changes, it should all be good. Once the disk is unlocked, you
> > can do anything. Including ZFS boot environments that we already support
> > for unencrypted disks.
> >
> > Warner
>
> Excellent news!
>
> Thank you all for your work on this!
>
> *starts updating CURRENT install*

Let us know if there is a problem...

Warner

Received on Fri Aug 03 2018 - 19:20:13 UTC