Commit Graph

134 Commits

Author SHA1 Message Date
Andriy Gapon
b2ef499041 loader: fix BOOTSRC -> BOOTOBJ in a library path 2017-11-02 19:45:51 +00:00
Roger Pau Monné
1305bc4107 loader: re-enable gzip support for x86
r324653 inadvertently disabled default gzip support on x86, re-enable.

Sponsored by:		Citrix System R&D
Reviewed by:		imp
Differential revision:	https://reviews.freebsd.org/D12913
2017-11-02 18:13:26 +00:00
Warner Losh
8689c387ee For amd64, compile both zfs and zfs32 libraries.
We have a separate copy of zfs for userboot. However, we don't need it
if we compile both 32 and 64 bit ZFS libraries. Remove redunant copies
of zfs related .o files now that both versions are
available. Introduce ZFSSRC and use it everywhere.

Sponsored by: Netflix
2017-10-30 23:14:59 +00:00
Warner Losh
9d9576461b Use defs.mk name and prefer bsd.init.mk
Also need to make some small tweaks to the Makefiles to use += rather
than = due to small shift in include file order.

Sponsored by: Netflix
2017-10-30 23:14:37 +00:00
Warner Losh
cb3ee5c694 End source directories with SRC rather than a hodgepodge of names
BOOTDIR->BOOTSRC
FICLDIR->FICLSRC
LDR_MI->LDRSRC

This matches the patterns used in the rest of the system a bit vetter.

Suggested by: rgrimes@
Sponsored by: Netflix
2017-10-22 22:50:08 +00:00
Warner Losh
4b165a5f12 Use BOOTOBJ and BOOTDIR to find geli includes and libraries.
Sponsored by: Netflix
2017-10-22 03:52:22 +00:00
Warner Losh
a7fa2fb669 LOADER_foo_SUPPORTED 2017-10-16 03:59:52 +00:00
Warner Losh
6b9f688352 Move all the ficl common code into ficl.mk
There's a number of copies of basically identical code to enable
building forth in /boot/loader. Move it all into ficl.mk.
2017-10-16 03:59:44 +00:00
Warner Losh
7f20726e4b Move common/Makefile.inc to sys/boot/loader.mk.
Makefile.inc has a specific meaning in the tree, and
common/Makefile.inc doesn't quite fit into that. Rename it to
loader.mk and it will be a place to collect common things to all
/boot/loader programs there.

Sponsored by: Netflix
2017-10-16 03:59:28 +00:00
Warner Losh
b9b9a7c3a2 Rather than laying whack-a-mole with including the path to stand.h,
always include it. Remove places where we explicitly include it. This
also helps reduce the 'cut-and-paste' factor of these Makefiles.

Sponsored by: Netflix
2017-10-10 01:31:44 +00:00
Warner Losh
8f409b435a Define LIBSA* and use them instead of overloaded LIBSTAND
LIBSA is the current stand alone library. LIBSA32 is the 32-bit
version of the library. LIBSAU is the userboot version of libsa. Use
the proper define instead of the more generic define.

Sponsored by: Netflix
2017-10-09 22:12:46 +00:00
Warner Losh
eca8b9c449 Define SASRC and use it
Define SASRC to point to the current libstand sources. Include
../Makefile.inc early enough in a few places so we can .include
"${SASRC}/Makefile" and have it work. Create a new pass-up
Makefile.inc in sys/boot/userboot to allow this pattern to work.

Sponsored by: Netflix
2017-10-09 22:12:32 +00:00
Toomas Soome
769bad9f8a Add chain loader support for loader
Implement simple chain loader in loader; this update does add chain command,
taking device or file as argument to load and start new boot loader.

In case of BIOS, the chain will read the boot block to address 0000:7c00 and
jumps on it. In case of UEFI, the chain command is to be used with efi
application, typically stored in EFI System Partition.

The update also does add simple menu entry, if the variable chain_disk is set.
The value of the variable chain_disk is used as argument for chain loading.

Relnotes:	yes
Differential Revision:	https://reviews.freebsd.org/D5992
2017-06-16 20:08:44 +00:00
Baptiste Daroussin
5fe86cd909 Always build tftpfs support along with nfs for pxeboot
This change was already done for loader.efi
2017-05-27 12:20:13 +00:00
Toomas Soome
da8fb057e5 loader: network read rework
The current read from network is working from up to down - we have some
protocol needing the data from the network, so we build the buffer space
for that protocol, add the extra space for headers and pass this buffer
down to be filled by nif get call in hope, we have guessed the incoming
packet size right. Amazingly enough this approach mostly does work, but
not always...

So, this update does work from down to up - we allocate buffer (based
on MTU or frame size info), fill it up, and pass on for upper layers.
The obvious problem is that when we should free the buffer - if at all.

In the current implementation the upper layer will free the packet on error
or when the packet is no longer needed.

While working on the issue, the additional issue did pop up - the bios
implementation does not have generic get/put interface but is using pxe
udpsend/udpreceive instead. So the udp calls are gone and undi interface
is implemented instead. Which in turn means slight other changes as we
do not need to have duplicated pxe implementation and can just use dev_net.

To align packet content, the actual read from nic is using shifted buffer by
ETHER_ALIGN (2).

Reviewed by:	bapt
Differential Revision:	https://reviews.freebsd.org/D10232
2017-05-06 20:32:27 +00:00
Allan Jude
ec5c0e5be9 Implement boot-time encryption key passing (keybuf)
This patch adds a general mechanism for providing encryption keys to the
kernel from the boot loader. This is intended to enable GELI support at
boot time, providing a better mechanism for passing keys to the kernel
than environment variables. It is designed to be extensible to other
applications, and can easily handle multiple encrypted volumes with
different keys.

This mechanism is currently used by the pending GELI EFI work.
Additionally, this mechanism can potentially be used to interface with
GRUB, opening up options for coreboot+GRUB configurations with completely
encrypted disks.

Another benefit over the existing system is that it does not require
re-deriving the user key from the password at each boot stage.

Most of this patch was written by Eric McCorkle. It was extended by
Allan Jude with a number of minor enhancements and extending the keybuf
feature into boot2.

GELI user keys are now derived once, in boot2, then passed to the loader,
which reuses the key, then passes it to the kernel, where the GELI module
destroys the keybuf after decrypting the volumes.

Submitted by:	Eric McCorkle <eric@metricspace.net> (Original Version)
Reviewed by:	oshogbo (earlier version), cem (earlier version)
MFC after:	3 weeks
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D9575
2017-04-01 05:05:22 +00:00
Ed Maste
62652acf3a loader: use strip -o instead of cp and strip in place
It is simpler and cleaner to have strip produce the stripped output
directly than copying the input to the output first.

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2016-12-28 04:55:43 +00:00
Ed Maste
bc814587a9 Deduplicate loader vers.c Makefile rules
The Makefile rule to create vers.c for loader version info was
previously duplicated in each of the various loader Makefiles.
Instead, share a common rule in Makefile.inc.

Reviewed by:	bapt
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D8841
2016-12-19 14:40:59 +00:00
Warner Losh
75a63b2de3 Really make WITHOUT_FORTH (MK_FORTH==no) work. The recent inclusion of
FICL definitions not in ficl/ficl32 files broke this generally. This
makes that stuff conditional on BOOT_FORTH. Also, move definitions
related to the architecture (FICL_CPUARCH and friends) into
Makefile.ficl that all parts of the tree that include files with ficl
need to include (but only if MK_FORTH == yes). In addition, had to fix
library ordering issue with LIBSTAND to keep it last. Without boot
forth, there's no references to memset to bring in memset.o from
libstand.a to satisfy libgeliboot.a's use of it. Listing libstand last
solves this issue (and it's the proper place for libstand to boot).
2016-10-25 17:31:57 +00:00
Allan Jude
b996592c3e Implement GELI (AES-XTS and AES-CBC only) in gptboot and gptzfsboot
Allows booting from a GELI encrypted root file system, via UFS or ZFS

Reviewed by:	gnn, smh (previous version), delphij (previous version)
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D4593
2016-03-16 23:12:19 +00:00
Bryan Drewery
a09f4b4d12 Add more .NOMETA missed in r291320
Sponsored by:	EMC / Isilon Storage Division
2016-03-11 23:45:51 +00:00
Bryan Drewery
1a17ca5f2a Revert r269030. CLEANFILES is already added to .NOPATH since r241298.
Sponsored by:	EMC / Isilon Storage Division
2016-03-11 23:45:45 +00:00
Allan Jude
9322ac3f6e Remove guards around overwriting loader.rc and menu.rc
There have been .local version of each for user modifications for some time
This allows users to receive future updates to these files

PR:		183765
Submitted by:	Bertram Scharpf, Nikolai Lifanov (patch)
Reviewed by:	dteske, loos, eadler
Approved by:	bapt (mentor)
MFC after:	1 month
Relnotes:	yes
Sponsored by:	ScaleEngine Inc.
Differential Revision:	https://reviews.freebsd.org/D3176
2015-08-06 16:07:27 +00:00
Baptiste Daroussin
bda8af6860 Install loader(8) and zfsloader(8) only once
Differential Revision:	https://reviews.freebsd.org/D2841
Reviewed by:	imp
2015-06-19 05:42:24 +00:00
Jung-uk Kim
11823c5f1e Revert .PATH changes to fix mips build.
Reported by:	bz
Pointy hat to:	jkim
2015-04-03 02:27:40 +00:00
Jung-uk Kim
bf64b1d71c Install newly added brand-*.4th and logo-*.4th files and reduce duplication.
Reviewed by:	dteske
Pointy hat to:	dteske
2015-04-02 20:07:05 +00:00
Warner Losh
dd56e3b6bc Add support for calling pcibios routines from the
bootloader. Implement the following routines:
	pcibios-device-count	count the number of instances of a devid
	pcibios-read-config	read pci config space
	pcibios-write-config	write pci config space
	pcibios-find-devclass	find the nth device with a given devclass
	pcibios-find-device	find the nth device with a given devid
	pcibios-locator		convert bus device function ti pcibios locator
These commands are thin wrappers over their PCI BIOS 2.1 counterparts. More
informaiton, such as it is, can be found in the standard.

Export a nunmber of pcibios.X variables into the environment to report
what the PCI IDENTIFY command returned.

Also implmenet a new command line primitive (pci-device-count), but don't
include it by default just yet, since it depends on the recently added
words and any errors here can render a system unbootable.

This is intended to allow the boot loader to do special things based
on the hardware it finds. This could be have special settings that are
optimized for the specific cards, or even loading special drivers. It
goes without saying that writing to pci config space should not be
done without a just cause and a sound mind.

Sponsored by:	Netflix
2014-09-10 21:07:00 +00:00
Bryan Drewery
5608fd23c2 Revert r267233 for now. PIE support needs to be reworked.
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00
Sean Bruno
c6ac3a1de9 Add .NOPATH to the machine target so that builds in sys/boot work and don't
error out building zfs loader.

Submitted by:	sjg@freebsd.org
2014-07-23 22:12:05 +00:00
Bryan Drewery
864c53ead8 In preparation for ASLR [1] support add WITH_PIE to support building with -fPIE.
This is currently an opt-in build flag. Once ASLR support is ready and stable
it should changed to opt-out and be enabled by default along with ASLR.

Each application Makefile uses opt-out to ensure that ASLR will be enabled by
default in new directories when the system is compiled with PIE/ASLR. [2]

Mark known build failures as NO_PIE for now.

The only known runtime failure was rtld.

[1] http://www.bsdcan.org/2014/schedule/events/452.en.html
Submitted by:		Shawn Webb <lattera@gmail.com>
Discussed between:	des@ and Shawn Webb [2]
2014-06-08 17:29:31 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Ed Maste
04555dfd89 Build boot/ficl as 64-bit library on amd64
The 32-bit bootloaders on amd64 now use the 32-bit version in ficl32,
as is done with libstand32.  The native 64-bit ficl will be used by the
upcoming UEFI loader.

Sponsored by:	The FreeBSD Foundation
2014-04-03 21:18:03 +00:00
Ed Maste
5a989e68f6 Build a 32-bit libstand under sys/boot/
A 32-bit libstand is needed on 64-bit platforms for use by various
bootloaders.  Previously only the 32-bit version was built, installed as
/usr/lib/libstand.a.

A new 64-bit libstand consumer will arrive in the near future, so move
the bootloader-specific 32-bit version to sys/boot/libstand32/.

Explicitly link against this version in the 32-bit loaders.

Sponsored by:	The FreeBSD Foundation
2014-02-06 21:54:21 +00:00
Devin Teske
6674efd728 Hook in new files menusets.4th and manual.
Approved by:	adrian (co-mentor) (implicit)
2012-11-07 02:14:03 +00:00
Andrey V. Elsukov
95b2c05cf0 Reduce the number of attempts to detect proper kld format for the amd64
loader.
2012-09-30 12:24:15 +00:00
Andrey V. Elsukov
6f6aad97b6 Remove unneeded flag. 2012-08-05 14:38:53 +00:00
Grzegorz Bernacki
7f725bcd5c Import work done under project/nand (@235533) into head.
The NAND Flash environment consists of several distinct components:
  - NAND framework (drivers harness for NAND controllers and NAND chips)
  - NAND simulator (NANDsim)
  - NAND file system (NAND FS)
  - Companion tools and utilities
  - Documentation (manual pages)

This work is still experimental. Please use with caution.

Obtained from: Semihalf
Supported by:  FreeBSD Foundation, Juniper Networks
2012-05-17 10:11:18 +00:00
Andriy Gapon
356c95812d i386 zfsloader: rename LIBZFS to LIBZFSBOOT
... to avoid name clash with the other libzfs

MFC after:	1 month
2012-05-09 08:07:08 +00:00
Martin Wilke
ed706bb19c - Whitespaces fixed only
Approved by:	rwatson (mentor)
2011-11-19 14:42:06 +00:00
Julian Elischer
802e09ac9e New boot loader menus from Devin Teske.
Discussed on hackers and recommended for inclusion into 9.0 at the devsummit.
All support email to devin   dteske at vicor dot ignoreme dot com .

Submitted by:	dteske at vicor dot ignoreme dot com
Reviewed by:	me and many others
2011-05-28 08:50:38 +00:00
Xin LI
cff4750233 For consistency, change all 'i386' and MACHINE_ARCH to x86.
Reviewed by:	jhb
MFC after:	1 week
2010-08-31 19:01:12 +00:00
Warner Losh
5aae6977bc MF tbemd: Minor tweaks, prefer MACHINE_CPUARCH generally to MACHINE_ARCH 2010-08-23 01:42:09 +00:00
Rui Paulo
7d54a05ac8 Correctly setup LDADD with regards to libstand. The submitter points
out that "on amd64, libstand.a is compiled for i386, but is still installed
under ${WORLDTMP}/usr/lib instead of ${WORLDTMP}/usr/lib32.  Even if it
would be installed there, ld on amd64 is set up incorrectly with a
${TOOLS_PREFIX}/usr/lib/i386 default path, so it wouldn't link.  The reason
it does link under gcc is that gcc passes -L${WORLDTMP}/usr/lib twice,
even for -m32 builds, which is also incorrect, but accidentally works in
this case."

Submitted by:	Dimitry Andric <dimitry at andric.com>
2010-07-22 18:57:47 +00:00
Robert Noland
f06c961ee3 Create a seperate ZFS enabled loader.
This adds zfsloader which will be called by zfsboot/gptzfsboot code rather
than the tradional loader.  This eliminates the need to set the
LOADER_ZFS_SUPPORT variable in order to get a ZFS enabled loader.

Note however, that you must reinstall your bootcode (zfsboot/gptzfsboot)
in order for the boot process to use the new loader.

New installations will no longer be required to build a ZFS enabled
loader for a working ZFS boot system.  Installing zfsboot/gptzfsboot is
sufficient for acknowledging the use of CDDL code and therefore the ZFS
enabled loader.

Based on a previous patch from jhb@

Reviewed by:	jhb@
MFC after:	2 weeks
2009-11-23 16:00:16 +00:00
John Baldwin
49e81dc952 - Make it possible to disable GPT support by setting LOADER_NO_GPT_SUPPORT
in make.conf or src.conf.
- When GPT is enabled (which it is by default), use memory above 1 MB and
  leave the memory from the end of the bss to the end of the 640k window
  purely for the stack.  The loader has grown and now it is much more
  common for the heap and stack to grow into each other when both are
  located in the 640k window.

PR:		kern/129526
MFC after:	1 week
2009-03-09 17:16:29 +00:00
Ruslan Ermilov
d9ca85fca7 Fix build when WITH_SSP is set explicitly.
Submitted by:	Jeremie Le Hen
2009-02-21 15:04:31 +00:00
Andrey A. Chernov
caab1f000c Fix building without ZFS (can't find library) 2008-11-18 03:55:55 +00:00
Pawel Jakub Dawidek
1ba4a712dd Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:

- Delegated Administration

	Allows regular users to perform ZFS operations, like file system
	creation, snapshot creation, etc.

- L2ARC

	Level 2 cache for ZFS - allows to use additional disks for cache.
	Huge performance improvements mostly for random read of mostly
	static content.

- slog

	Allow to use additional disks for ZFS Intent Log to speed up
	operations like fsync(2).

- vfs.zfs.super_owner

	Allows regular users to perform privileged operations on files stored
	on ZFS file systems owned by him. Very careful with this one.

- chflags(2)

	Not all the flags are supported. This still needs work.

- ZFSBoot

	Support to boot off of ZFS pool. Not finished, AFAIK.

	Submitted by:	dfr

- Snapshot properties

- New failure modes

	Before if write requested failed, system paniced. Now one
	can select from one of three failure modes:
	- panic - panic on write error
	- wait - wait for disk to reappear
	- continue - serve read requests if possible, block write requests

- Refquota, refreservation properties

	Just quota and reservation properties, but don't count space consumed
	by children file systems, clones and snapshots.

- Sparse volumes

	ZVOLs that don't reserve space in the pool.

- External attributes

	Compatible with extattr(2).

- NFSv4-ACLs

	Not sure about the status, might not be complete yet.

	Submitted by:	trasz

- Creation-time properties

- Regression tests for zpool(8) command.

Obtained from:	OpenSolaris
2008-11-17 20:49:29 +00:00
Ruslan Ermilov
042df2e2da Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
  turned opt-in for stable branches depending on the consensus.  You
  can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
  It is harmless to steal the knob as SSP symbols have been provided
  by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
  (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
  libc will be automatically downgraded to -fstack-protector because it
  breaks rtld otherwise.
- This option is unavailable on ia64.

Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.

Submitted by:	Jeremie Le Hen <jeremie@le-hen.org>
2008-06-25 21:33:28 +00:00
Hidetoshi Shimokawa
97995404be MFp4: add FireWire/dcons support in loader for i386/amd64.
It is disabled by default. You need to put
LOADER_FIREWIRE_SUPPORT=yes in /etc/make.conf
and rebuild loader to enable it.
(cd /sys/boot/i386 && make clean && make && make install)

You can find a short introduction of dcons at
http://wiki.freebsd.org/DebugWithDcons
2007-05-29 14:35:57 +00:00