[Differential] D16155: Add veriexec to loader

Conrad Meyer cem at freebsd.org
Fri Jul 6 17:14:49 UTC 2018


Hi Simon,

On Thu, Jul 5, 2018 at 9:16 PM, Simon J. Gerraty <sjg at juniper.net> wrote:
> +freebsd-arch since I refuse to top-post via phab, and this all warrants
> a discussion anyway...

Please follow-up in Phabricator, or there is little point in using it.
(I don't know where the "top-post" characterization comes from —
phabricator presents conversations top-to-bottom, in the same fashion
as bottom posting.)

Without getting into point-by-point specifics, I'll address a couple
(meta-)issues that come up multiple times in the conversation:

1. It's unclear in what context files are used (loader, userspace,
and/or kernel).  Some files in directories are built in multiple
contexts, but not others, and the contexts aren't clear from the
pathnames.  That lead(s) to some confusion.  For crypto review you
really want clarity.  It is almost certainly better to break this into
several pieces.  I.e., the mechanical build system changes to import
bearssl can be separated out; you could maybe add loader-only
verification code next, then bring in the kernel pieces, then
userspace (as separate reviews).  You know this work better than I do;
how you choose to split it is up to you.  But I would encourage
smaller pieces.

2. A lot of the responses to my questions or comments are "JunOS does
(or has done) it this way."  Those are great rationales for Juniper
continuing to use the existing design in its commercial product!  But
this isn't JunOS, and booting JunOS is useless to FreeBSD.  If all you
want to do with the changes is boot JunOS, I don't see any reason to
include it in FreeBSD.  If your concern is that the implementations
will diverge slightly, well, they will.  That's sort of the nature of
being a downstream commercial product of FreeBSD.  For anything
removed in FreeBSD (i.e., obsolete SHA1 support, or even RSA/ECDSA
signatures) that you need to retain in JunOS, you can still include
that as a small local patch in JunOS.  We do not want crufty 2003
crypto in FreeBSD.

3. It is an unreasonable response to question or critique to refer
reviewers to a 60 minute video of a talk.  If you addressed that
specific question or concern in your talk, and want to provide *a
specific timestamp and duration* in the video stream, great.  I'm
happy to watch a short, specific clip, if that is your preferred media
for representing a few sentences.  But I'm not going to sit down and
watch a 60 minute talk just to dig for the response to a specific
concern, which may or may not even be addressed.

Thanks,
Conrad

