freebsd-nq/stand/defaults/loader.conf
Colin Percival 5c73b3e0a3 Add support for getting early entropy from UEFI
UEFI provides a protocol for accessing randomness. This is a good way
to gather early entropy, especially when there's no driver for the RNG
on the platform (as is the case on the Marvell Armada8k (MACCHIATObin)
for now).

If the entropy_efi_seed option is enabled in loader.conf (default: YES)
obtain 2048 bytes of entropy from UEFI and pass is to the kernel as a
"module" of name "efi_rng_seed" and type "boot_entropy_platform"; if
present, ingest it into the kernel RNG.

Submitted by:	Greg V
Reviewed by:	markm, kevans
Approved by:	csprng (markm)
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D20780
2022-02-17 13:01:11 -08:00

180 lines
9.0 KiB
Plaintext

# This is loader.conf - a file full of useful variables that you can
# set to change the default load behavior of your system. You should
# not edit this file! Put any overrides into one of the
# loader_conf_files instead and you will be able to update these
# defaults later without spamming your local configuration information.
#
# All arguments must be in double quotes.
#
# $FreeBSD$
### Basic configuration options ############################
exec="echo Loading /boot/defaults/loader.conf"
kernel="kernel" # /boot sub-directory containing kernel and modules
bootfile="kernel" # Kernel name (possibly absolute path)
kernel_options="" # Flags to be passed to the kernel
loader_conf_files="/boot/device.hints /boot/loader.conf /boot/loader.conf.local"
loader_conf_dirs="/boot/loader.conf.d"
nextboot_conf="/boot/nextboot.conf"
verbose_loading="NO" # Set to YES for verbose loader output
### Splash screen configuration ############################
splash_bmp_load="NO" # Set this to YES for bmp splash screen!
splash_pcx_load="NO" # Set this to YES for pcx splash screen!
splash_txt_load="NO" # Set this to YES for TheDraw splash screen!
vesa_load="NO" # Set this to YES to load the vesa module
bitmap_load="NO" # Set this to YES if you want splash screen!
bitmap_name="splash.bmp" # Set this to the name of the file
bitmap_type="splash_image_data" # and place it on the module_path
### Screen saver modules ###################################
# This is best done in rc.conf
screensave_load="NO" # Set to YES to load a screensaver module
screensave_name="green_saver" # Set to the name of the screensaver module
### Early hostid configuration ############################
hostuuid_load="YES"
hostuuid_name="/etc/hostid"
hostuuid_type="hostuuid"
### Random number generator configuration ##################
# See rc.conf(5). The entropy_boot_file config variable must agree with the
# settings below.
entropy_cache_load="YES" # Set this to NO to disable loading
# cached entropy at boot time
entropy_cache_name="/boot/entropy" # Set this to the name of the file
entropy_cache_type="boot_entropy_cache" # Required for the kernel to find
# the boot-time entropy cache. This
# must not change value even if the
# _name above does change!
entropy_efi_seed="YES" # Set this to NO to disable loading
# entropy from the UEFI hardware random number generator API
### RAM Blacklist configuration ############################
ram_blacklist_load="NO" # Set this to YES to load a file
# containing a list of addresses to
# exclude from the running system.
ram_blacklist_name="/boot/blacklist.txt" # Set this to the name of the file
ram_blacklist_type="ram_blacklist" # Required for the kernel to find
# the blacklist module
### Microcode loading configuration ########################
cpu_microcode_load="NO" # Set this to YES to load and apply a
# microcode update file during boot.
cpu_microcode_name="/boot/firmware/ucode.bin" # Set this to the microcode
# update file path.
cpu_microcode_type="cpu_microcode" # Required for the kernel to find
# the microcode update file.
### ACPI settings ##########################################
acpi_dsdt_load="NO" # DSDT Overriding
acpi_dsdt_type="acpi_dsdt" # Don't change this
acpi_dsdt_name="/boot/acpi_dsdt.aml"
# Override DSDT in BIOS by this file
acpi_video_load="NO" # Load the ACPI video extension driver
### Audit settings #########################################
audit_event_load="NO" # Preload audit_event config
audit_event_name="/etc/security/audit_event"
audit_event_type="etc_security_audit_event"
### Initial memory disk settings ###########################
#mdroot_load="YES" # The "mdroot" prefix is arbitrary.
#mdroot_type="md_image" # Create md(4) disk at boot.
#mdroot_name="/boot/root.img" # Path to a file containing the image.
#rootdev="ufs:/dev/md0" # Set the root filesystem to md(4) device.
### Loader settings ########################################
#loader_delay="3" # Delay in seconds before loading anything.
# Default is unset and disabled (no delay).
#autoboot_delay="10" # Delay in seconds before autobooting,
# -1 for no user interrupts, NO to disable
#password="" # Prevent changes to boot options
#bootlock_password="" # Prevent booting (see check-password.4th(8))
#geom_eli_passphrase_prompt="NO" # Prompt for geli(8) passphrase to mount root
bootenv_autolist="YES" # Auto populate the list of ZFS Boot Environments
#beastie_disable="NO" # Turn the beastie boot menu on and off
efi_max_resolution="1x1" # Set the max resolution for EFI loader to use:
# 480p, 720p, 1080p, 2160p/4k, 5k, or specify
# WidthxHeight (e.g. 1920x1080)
#kernels="kernel kernel.old" # Kernels to display in the boot menu
kernels_autodetect="YES" # Auto-detect kernel directories in /boot
#loader_logo="orbbw" # Desired logo: orbbw, orb, fbsdbw, beastiebw, beastie, none
#comconsole_speed="9600" # Set the current serial console speed
#console="vidconsole" # A comma separated list of console(s)
#currdev="disk1s1a" # Set the current device
module_path="/boot/modules;/boot/dtb;/boot/dtb/overlays" # Set the module search path
module_blacklist="drm drm2 radeonkms i915kms amdgpu" # Loader module blacklist
#prompt="\\${interpret}" # Set the command prompt
#root_disk_unit="0" # Force the root disk unit number
#rootdev="disk1s1a" # Set the root filesystem
#dumpdev="disk1s1b" # Set a dump device early in the boot process
#tftp.blksize="1428" # Set the RFC 2348 TFTP block size.
# If the TFTP server does not support RFC 2348,
# the block size is set to 512. Valid: (8,9007)
#twiddle_divisor="16" # >16 slows down the progress indicator;
# <16 speeds up the progress indicator.
### Kernel settings ########################################
# The following boot_ variables are enabled by setting them to any value.
# Their presence in the kernel environment (see kenv(1)) has the same
# effect as setting the given boot flag (see boot(8)).
#boot_askname="" # -a: Prompt the user for the name of the root device
#boot_cdrom="" # -C: Attempt to mount root file system from CD-ROM
#boot_ddb="" # -d: Instructs the kernel to start in the DDB debugger
#boot_dfltroot="" # -r: Use the statically configured root file system
#boot_gdb="" # -g: Selects gdb-remote mode for the kernel debugger
#boot_multicons="" # -D: Use multiple consoles
#boot_mute="" # -m: Mute the console
#boot_pause="" # -p: Pause after each line during device probing
#boot_serial="" # -h: Use serial console
#boot_single="" # -s: Start system in single-user mode
#boot_verbose="" # -v: Causes extra debugging information to be printed
#init_path="/sbin/init:/sbin/oinit:/sbin/init.bak:/rescue/init"
# Sets the list of init candidates
#init_shell="/bin/sh" # The shell binary used by init(8).
#init_script="" # Initial script to run by init(8) before chrooting.
#init_chroot="" # Directory for init(8) to chroot into.
### Kernel tunables ########################################
#hw.physmem="1G" # Limit physical memory. See loader(8)
#kern.dfldsiz="" # Set the initial data size limit
#kern.dflssiz="" # Set the initial stack size limit
#kern.hz="100" # Set the kernel interval timer rate
#kern.maxbcache="" # Set the max buffer cache KVA storage
#kern.maxdsiz="" # Set the max data size
#kern.maxfiles="" # Set the sys. wide open files limit
#kern.maxproc="" # Set the maximum # of processes
#kern.maxssiz="" # Set the max stack size
#kern.maxswzone="" # Set the max swmeta KVA storage
#kern.maxtsiz="" # Set the max text size
#kern.maxusers="32" # Set size of various static tables
#kern.msgbufsize="65536" # Set size of kernel message buffer
#kern.nbuf="" # Set the number of buffer headers
#kern.ncallout="" # Set the maximum # of timer events
#kern.ngroups="1023" # Set the maximum # of supplemental groups
#kern.sgrowsiz="" # Set the amount to grow stack
#kern.cam.boot_delay="10000" # Delay (in ms) of root mount for CAM bus
# registration, useful for USB sticks as root
#kern.cam.scsi_delay="2000" # Delay (in ms) before probing SCSI
#kern.ipc.maxsockets="" # Set the maximum number of sockets available
#kern.ipc.nmbclusters="" # Set the number of mbuf clusters
#kern.ipc.nsfbufs="" # Set the number of sendfile(2) bufs
#net.inet.tcp.tcbhashsize="" # Set the value of TCBHASHSIZE
#vfs.root.mountfrom="" # Specify root partition
#vm.kmem_size="" # Sets the size of kernel memory (bytes)
#debug.kdb.break_to_debugger="0" # Allow console to break into debugger.
#debug.ktr.cpumask="0xf" # Bitmask of CPUs to enable KTR on
#debug.ktr.mask="0x1200" # Bitmask of KTR events to enable
#debug.ktr.verbose="1" # Enable console dump of KTR events
### Module loading syntax example ##########################
#module_load="YES" # loads module "module"
#module_name="realname" # uses "realname" instead of "module"
#module_type="type" # passes "-t type" to load
#module_flags="flags" # passes "flags" to the module
#module_before="cmd" # executes "cmd" before loading the module
#module_after="cmd" # executes "cmd" after loading the module
#module_error="cmd" # executes "cmd" if load fails