Re: Which version is BOOTX64.efi?

Reply: Tomoaki AOKI : "Re: Which version is BOOTX64.efi?"
In reply to: Russell Adams : "Re: Which version is BOOTX64.efi?"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Edward Sanford Sutton, III <mirror176_at_hotmail.com>
Date: Wed, 27 Aug 2025 21:25:40 UTC

On 8/27/25 08:37, Russell Adams wrote:
> On Thu, Aug 28, 2025 at 12:20:56AM +0900, Tomoaki AOKI wrote:
>>>>>>> Question: is there any concept to get some proper version information
>>>>>>> into these binaries, from which then some identity and the commit tag
>>>>>>> could be retrieved from which they were created?
>>>
>>> We used to encode the date the loader was built. Reproducible builds
>>> stopped that.
>>
>> Can't git hash (full or first 12 digits, possibly plus n**** number,
>> too) like in kernel help the situation? Yes, it shouldn't be suitable
>> for legacy bootcodes (wastes of bytes!), though.
> 
> Really I don't care if the data is embedded in the bootcode. I
> understand it may be in a difficult format with limited space.
> 
> I'm not building my own here. I just want to be able to find out what
> I have vs what was shipped.
> 
> I would expect that the OS distribution tools (freebsd-upgrade) can
> verify the files I have installed, including the boot loader it is
> shipping into /boot.

   My understanding is freebsd-update leaves all boot loaders alone. 
Having new ZFS code didn't break booting but upgrading a ZFS pool breaks 
boot access to the pool without a corresponding boot loader update. That 
was not just an EFI issue.
   I forget where but recall someone wrote a script to try to detect a 
difference and replace (or give instructions?) if different but it 
didn't know what version anything is either. My attempt at writing a 
check in my source based update scripts hasn't been correct yet but 
again it was a non-version based difference check.

> I'd like to be able to compare the checksums of bootloaders I have
> from EFI against a table of checksums of the same files across
> authentic distributions. Even if it was just a text file in /var that
> freebsd-update uses or I could grep. I was disappointed that
> "freebsd-upgrade IDS" never mentioned files in /boot.
> 
> I must manually update the bootloader when I upgrade FreeBSD. If I
> mess up, or lose track, I need a way to find out what I have in EFI
> against files shipped with FreeBSD.
> 
> ------------------------------------------------------------------
> Russell Adams                        Russell.Adams@AdamsSystems.nl
> Principal Consultant                     Adams Systems Consultancy
>                                            https://adamssystems.nl/
>