svn commit: r358744 - in head: lib/libsecureboot lib/libsecureboot/h lib/libsecureboot/tests share/mk stand stand/common stand/efi/loader stand/efi/loader/arch/i386 stand/ficl stand/i386/libi386 st...
O. Hartmann
ohartmann at walstatt.org
Mon Mar 9 06:11:08 UTC 2020
On Sun, 8 Mar 2020 17:42:43 +0000 (UTC)
"Simon J. Gerraty" <sjg at FreeBSD.org> wrote:
> Author: sjg
> Date: Sun Mar 8 17:42:42 2020
> New Revision: 358744
> URL: https://svnweb.freebsd.org/changeset/base/358744
>
> Log:
> veloader use vectx API for kernel and modules
>
> The vectx API computes the hash for verifying a file as it is read.
> This avoids the overhead of reading files twice - once to verify, then
> again to load.
>
> For doing an install via loader, avoiding the need to rewind
> large files is critical.
>
> This API is only used for modules, kernel and mdimage as these are the
> biggest files read by the loader.
> The reduction in boot time depends on how expensive the I/O is
> on any given platform. On a fast VM we see 6% improvement.
>
> For install via loader the first file to be verified is likely to be the
> kernel, so some of the prep work (finding manifest etc) done by
> verify_file() needs to be factored so it can be reused for
> vectx_open().
>
> For missing or unrecognized fingerprint entries, we fail
> in vectx_open() unless verifying is disabled.
>
> Otherwise fingerprint check happens in vectx_close() and
> since this API is only used for files which must be verified
> (VE_MUST) we panic if we get an incorrect hash.
>
> Reviewed by: imp,tsoome
> MFC after: 1 week
> Sponsored by: Juniper Networks
> Differential Revision: https://reviews.freebsd.org//D23827
>
> Modified:
> head/lib/libsecureboot/h/libsecureboot.h
> head/lib/libsecureboot/h/verify_file.h
> head/lib/libsecureboot/tests/tvo.c
> head/lib/libsecureboot/vectx.c
> head/lib/libsecureboot/verify_file.c
> head/share/mk/src.opts.mk
> head/stand/common/bootstrap.h
> head/stand/common/interp_forth.c
> head/stand/common/interp_simple.c
> head/stand/common/load_elf.c
> head/stand/common/load_elf_obj.c
> head/stand/common/misc.c
> head/stand/common/module.c
> head/stand/efi/loader/arch/i386/i386_copy.c
> head/stand/efi/loader/copy.c
> head/stand/efi/loader/loader_efi.h
> head/stand/efi/loader/main.c
> head/stand/ficl/loader.c
> head/stand/i386/libi386/i386_copy.c
> head/stand/i386/libi386/libi386.h
> head/stand/i386/loader/chain.c
> head/stand/libofw/libofw.h
> head/stand/libofw/ofw_copy.c
> head/stand/loader.mk
> head/stand/mips/beri/loader/arch.c
> head/stand/powerpc/kboot/main.c
> head/stand/uboot/lib/copy.c
> head/stand/uboot/lib/libuboot.h
> head/stand/userboot/userboot/copy.c
> head/stand/userboot/userboot/libuserboot.h
>
[... deleted ...]
buildworld seems to be broken on this commit:
[...]
--- all_subdir_stand ---
--- lstd.o ---
/usr/src/stand/liblua/lstd.c:86:44: error: too few arguments to function call, expected 5, have 4
        if (verify_file(fd, filename, 0, VE_GUESS) < 0) {
            ~~~~~~~~~~~                          ^
/usr/src/lib/libsecureboot/h/verify_file.h:50:1: note: 'verify_file' declared here
int verify_file(int, const char *, off_t, int, const char *);
^
1 error generated.
[...]
Building host is CURRENT, FreeBSD 13.0-CURRENT #118 r358695: Fri Mar 6
12:48:00 CET 2020 amd64:
kind regards,
oh
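
The single-pass pattern described in the quoted commit log (hash while reading, refuse at open when no fingerprint exists, compare at close), as an added Python sketch that is not part of the original mail and is not libsecureboot code. HashingReader, load, VerifyError, the manifest dict, the drain-on-close step and the sample bytes are assumptions made for illustration; the real loader is C and panics on a mismatch where this sketch raises.

```python
import hashlib
import io

class VerifyError(Exception):
    """Raised when a file has no fingerprint or its digest does not match."""

class HashingReader:
    """Hash a stream while the caller reads it; compare the digest on close."""
    def __init__(self, stream, path, manifest, verifying=True):
        expected = manifest.get(path)
        if expected is None and verifying:
            # Missing fingerprint: refuse at open, before any data is consumed.
            raise VerifyError(f"no fingerprint for {path}")
        self._stream, self._path = stream, path
        self._expected = expected
        self._hash = hashlib.sha256()

    def read(self, nbytes):
        chunk = self._stream.read(nbytes)
        self._hash.update(chunk)  # one pass: the bytes loaded are the bytes hashed
        return chunk

    def close(self):
        # Assumption: drain unread bytes so the digest covers the whole file.
        while self.read(65536):
            pass
        if self._expected is not None and self._hash.hexdigest() != self._expected:
            raise VerifyError(f"hash mismatch for {self._path}")

def load(path, data, manifest, verifying=True):
    """Read `data` in small chunks through HashingReader; return the loaded bytes."""
    reader = HashingReader(io.BytesIO(data), path, manifest, verifying)
    image = bytearray()
    while chunk := reader.read(7):
        image += chunk
    reader.close()  # the image is only handed back once the digest has matched
    return bytes(image)

# Constructed sample data, not real loader files or fingerprints.
KERNEL = b"constructed kernel image bytes" * 4
MANIFEST = {"/boot/kernel/kernel": hashlib.sha256(KERNEL).hexdigest()}
```

Because the check runs at close, the caller has already copied unverified bytes into memory by then; nothing may act on them until close returns.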