d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move LOADER_{NO,}_GELI_SUPPORT to MK_LOADER_GELI

Browse Source 
Transition to WITH/WITHOUT_LOADER_GELI to flag support or not of GELI
in the boot loaders. Add HAVE_GELI so components can flag they need
support (since it's too large to include everywhere). Add temporary
warnings for the old forms to ease transition.

Also, update test script to build without GELI on x86.

Sponsored by: Netflix
This commit is contained in:
Warner Losh 2017-11-10 23:54:48 +00:00
parent a179cd9114
commit 4728f534ff
14 changed files with 54 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
UPDATING
View File

@ -53,7 +53,8 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
201711xx: 201711xx:
The LOADER_FIREWIRE_SUPPORT build variable as been renamed to The LOADER_FIREWIRE_SUPPORT build variable as been renamed to
WITH_LOADER_FIREWIRE (or WITHOUT_LOADER_FIREWIRE). WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed
to WITH/OUT_LOADER_GELI.
20171106: 20171106:
The naive and non-compliant support of posix_fallocate(2) in ZFS The naive and non-compliant support of posix_fallocate(2) in ZFS

1
share/mk/src.opts.mk
View File

@ -119,6 +119,7 @@ __DEFAULT_YES_OPTIONS = \
LIB32 \ LIB32 \
LIBPTHREAD \ LIBPTHREAD \
LIBTHR \ LIBTHR \
LOADER_GELI \
LOCALES \ LOCALES \
LOCATE \ LOCATE \
LPR \ LPR \

18
sys/boot/defs.mk
View File

@ -85,10 +85,26 @@ CFLAGS+= -DLOADER_GPT_SUPPORT
.if ${LOADER_MBR_SUPPORT:Uyes} == "yes" .if ${LOADER_MBR_SUPPORT:Uyes} == "yes"
CFLAGS+= -DLOADER_MBR_SUPPORT CFLAGS+= -DLOADER_MBR_SUPPORT
.endif .endif
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
# GELI Support, with backward compat hooks
.if defined(HAVE_GELI)
.if defined(LOADER_NO_GELI_SUPPORT)
MK_LOADER_GELI=no
.warning "Please move from LOADER_NO_GELI_SUPPORT to WITHOUT_LOADER_GELI"
.endif
.if defined(LOADER_GELI_SUPPORT)
MK_LOADER_GELI=yes
.warning "Please move from LOADER_GELI_SUPPORT to WITH_LOADER_GELI"
.endif
.if ${MK_LOADER_GELI} == "yes"
CFLAGS+= -DLOADER_GELI_SUPPORT CFLAGS+= -DLOADER_GELI_SUPPORT
CFLAGS+= -I${BOOTSRC}/geli
LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a
.endif .endif
.endif .endif
.endif
CFLAGS+= -I${SYSDIR}
# All PowerPC builds are 32 bit. We have no 64-bit loaders on powerpc # All PowerPC builds are 32 bit. We have no 64-bit loaders on powerpc
# or powerpc64. # or powerpc64.

4
sys/boot/geli/Makefile
View File

@ -49,5 +49,9 @@ SRCS+= rijndael-alg-fst.c rijndael-api-fst.c rijndael-api.c
CFLAGS+= -D_STAND CFLAGS+= -D_STAND
SRCS+= geliboot_crypto.c g_eli_hmac.c g_eli_key.c g_eli_key_cache.c pkcs5v2.c SRCS+= geliboot_crypto.c g_eli_hmac.c g_eli_key.c g_eli_key_cache.c pkcs5v2.c
# aes
.PATH: ${SYSDIR}/opencrypto
SRCS+= xform_aes_xts.c
.include <bsd.stand.mk> .include <bsd.stand.mk>
.include <bsd.lib.mk> .include <bsd.lib.mk>

14
sys/boot/i386/gptboot/Makefile
View File

@ -1,5 +1,7 @@
# $FreeBSD$ # $FreeBSD$
HAVE_GELI= yes
.include <bsd.init.mk> .include <bsd.init.mk>
.PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/common ${SASRC} .PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/common ${SASRC}
@ -41,14 +43,6 @@ CFLAGS+=-DBOOTPROG=\"gptboot\" \
CFLAGS.gcc+= --param max-inline-insns-single=100 CFLAGS.gcc+= --param max-inline-insns-single=100
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
CFLAGS+= -DLOADER_GELI_SUPPORT
CFLAGS+= -I${BOOTSRC}/geli
LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a
.PATH: ${SYSDIR}/opencrypto
OPENCRYPTO_XTS= xform_aes_xts.o
.endif
LD_FLAGS+=${LD_FLAGS_BIN} LD_FLAGS+=${LD_FLAGS_BIN}
CLEANFILES= gptboot CLEANFILES= gptboot
@ -66,12 +60,12 @@ gptldr.out: gptldr.o
${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} gptldr.o ${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} gptldr.o
CLEANFILES+= gptboot.bin gptboot.out gptboot.o sio.o crc32.o drv.o \ CLEANFILES+= gptboot.bin gptboot.out gptboot.o sio.o crc32.o drv.o \
cons.o util.o ${OPENCRYPTO_XTS} cons.o ${OPENCRYPTO_XTS}
gptboot.bin: gptboot.out gptboot.bin: gptboot.out
${OBJCOPY} -S -O binary gptboot.out ${.TARGET} ${OBJCOPY} -S -O binary gptboot.out ${.TARGET}
gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o util.o ${OPENCRYPTO_XTS} gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o ${OPENCRYPTO_XTS}
${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBGELIBOOT} ${LIBSA32} ${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBGELIBOOT} ${LIBSA32}
gptboot.o: ${SASRC}/ufsread.c gptboot.o: ${SASRC}/ufsread.c

10
sys/boot/i386/gptzfsboot/Makefile
View File

@ -1,5 +1,7 @@
# $FreeBSD$ # $FreeBSD$
HAVE_GPT= yes
.include <bsd.init.mk> .include <bsd.init.mk>
.PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/gptboot \ .PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/gptboot \
@ -50,14 +52,6 @@ LIBZFSBOOT=${BOOTOBJ}/zfs32/libzfsboot.a
LIBZFSBOOT=${BOOTOBJ}/zfs/libzfsboot.a LIBZFSBOOT=${BOOTOBJ}/zfs/libzfsboot.a
.endif .endif
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
CFLAGS+= -DLOADER_GELI_SUPPORT
CFLAGS+= -I${BOOTSRC}/geli
LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a
.PATH: ${SYSDIR}/opencrypto
OPENCRYPTO_XTS= xform_aes_xts.o
.endif
CFLAGS.gcc+= --param max-inline-insns-single=100 CFLAGS.gcc+= --param max-inline-insns-single=100
LD_FLAGS+=${LD_FLAGS_BIN} LD_FLAGS+=${LD_FLAGS_BIN}

9
sys/boot/i386/libi386/Makefile
View File

@ -1,5 +1,8 @@
# $FreeBSD$ # $FreeBSD$
HAVE_GPT= yes
HAVE_GELI= yes
.include <bsd.init.mk> .include <bsd.init.mk>
LIB= i386 LIB= i386
@ -25,12 +28,6 @@ CFLAGS+= -DCOMSPEED=${BOOT_COMCONSOLE_SPEED}
CFLAGS+= -DDISK_DEBUG CFLAGS+= -DDISK_DEBUG
.endif .endif
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
# Decrypt encrypted drives
CFLAGS+= -DLOADER_GELI_SUPPORT
CFLAGS+= -I${BOOTSRC}/geli
.endif
.if !defined(BOOT_HIDE_SERIAL_NUMBERS) .if !defined(BOOT_HIDE_SERIAL_NUMBERS)
# Export serial numbers, UUID, and asset tag from loader. # Export serial numbers, UUID, and asset tag from loader.
CFLAGS+= -DSMBIOS_SERIAL_NUMBERS CFLAGS+= -DSMBIOS_SERIAL_NUMBERS

11
sys/boot/i386/loader/Makefile
View File

@ -1,5 +1,7 @@
# $FreeBSD$ # $FreeBSD$
HAVE_GELI= yes
LOADER_NET_SUPPORT?= yes LOADER_NET_SUPPORT?= yes
LOADER_NFS_SUPPORT?= yes LOADER_NFS_SUPPORT?= yes
LOADER_TFTP_SUPPORT?= yes LOADER_TFTP_SUPPORT?= yes
@ -38,15 +40,6 @@ CFLAGS+= -DLOADER_FIREWIRE_SUPPORT
LIBFIREWIRE= ${BOOTOBJ}/i386/libfirewire/libfirewire.a LIBFIREWIRE= ${BOOTOBJ}/i386/libfirewire/libfirewire.a
.endif .endif
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
CFLAGS+= -DLOADER_GELI_SUPPORT
CFLAGS+= -I${BOOTSRC}/geli
LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a
.PATH: ${SYSDIR}/opencrypto
SRCS+= xform_aes_xts.c
CFLAGS+= -I${SYSDIR} -D_STAND
.endif
# Always add MI sources # Always add MI sources
.include "${BOOTSRC}/loader.mk" .include "${BOOTSRC}/loader.mk"
CFLAGS+= -I. CFLAGS+= -I.

8
sys/boot/i386/zfsboot/Makefile
View File

@ -1,6 +1,6 @@
# $FreeBSD$ # $FreeBSD$
LOADER_GELI_SUPPORT=no HAVE_GELI=yes
.include <bsd.init.mk> .include <bsd.init.mk>
@ -60,7 +60,7 @@ zfsldr.out: zfsldr.o
${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} zfsldr.o ${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} zfsldr.o
CLEANFILES+= zfsboot2 zfsboot.ld zfsboot.ldr zfsboot.bin zfsboot.out \ CLEANFILES+= zfsboot2 zfsboot.ld zfsboot.ldr zfsboot.bin zfsboot.out \
zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o util.o zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o
# We currently allow 128k bytes for zfsboot - in practice it could be # We currently allow 128k bytes for zfsboot - in practice it could be
# any size up to 3.5Mb but keeping it fixed size simplifies zfsldr. # any size up to 3.5Mb but keeping it fixed size simplifies zfsldr.
@ -82,8 +82,8 @@ zfsboot.ldr:
zfsboot.bin: zfsboot.out zfsboot.bin: zfsboot.out
${OBJCOPY} -S -O binary zfsboot.out ${.TARGET} ${OBJCOPY} -S -O binary zfsboot.out ${.TARGET}
zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o util.o zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o
${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBSA32} ${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBGELIBOOT} ${LIBSA32}
SRCS= zfsboot.c SRCS= zfsboot.c

3
sys/boot/i386/zfsloader/Makefile
View File

@ -5,6 +5,5 @@ NEWVERSWHAT= "ZFS enabled bootstrap loader" x86
LOADER_ONLY= yes LOADER_ONLY= yes
HAVE_ZFS= yes HAVE_ZFS= yes
.include <bsd.init.mk> .include "${.CURDIR}/../loader/Makefile"
.include "${BOOTSRC}/i386/loader/Makefile"

1
sys/boot/sparc64/loader/Makefile
View File

@ -22,6 +22,7 @@ VERSION_FILE= ${.CURDIR}/../loader/version
INSTALLFLAGS= -b INSTALLFLAGS= -b
# Architecture-specific loader code # Architecture-specific loader code
.PATH: ${BOOTSRC}/sparc64/loader
SRCS= locore.S main.c metadata.c vers.c SRCS= locore.S main.c metadata.c vers.c
.if ${LOADER_DEBUG} == "yes" .if ${LOADER_DEBUG} == "yes"

2
sys/boot/sparc64/zfsloader/Makefile
View File

@ -1,7 +1,5 @@
# $FreeBSD$ # $FreeBSD$
.PATH: ${.CURDIR}/../loader
PROG= zfsloader PROG= zfsloader
NEWVERSWHAT= "ZFS enabled bootstrap loader" sparc64 NEWVERSWHAT= "ZFS enabled bootstrap loader" sparc64
HAVE_ZFS= yes HAVE_ZFS= yes

11
tools/boot/universe.sh
View File

@ -63,7 +63,7 @@ for i in \
sparc64/sparc64 \ sparc64/sparc64 \
; do ; do
ta=${i##*/} ta=${i##*/}
dobuild $ta _.boot.${ta}.noZFS.log "MK_ZFS=no" dobuild $ta _.boot.${ta}.no_zfs.log "MK_ZFS=no"
done done
# Build with firewire # Build with firewire
@ -74,3 +74,12 @@ for i in \
ta=${i##*/} ta=${i##*/}
dobuild $ta _.boot.${ta}.firewire.log "MK_LOADER_FIREWIRE=yes" dobuild $ta _.boot.${ta}.firewire.log "MK_LOADER_FIREWIRE=yes"
done done
# Build without GELI
for i in \
amd64/amd64 \
i386/i386 \
; do
ta=${i##*/}
dobuild $ta _.boot.${ta}.no_geli.log "MK_LOADER_GELI=no"
done

2
tools/build/options/WITHOUT_LOADER_GEIL Normal file
View File

@ -0,0 +1,2 @@
.\" $FreeBSD$
Disable inclusion of GELI crypto support in the boot chain binaries.