Move LOADER_{NO,}_GELI_SUPPORT to MK_LOADER_GELI
Transition to WITH/WITHOUT_LOADER_GELI to flag support or not of GELI in the boot loaders. Add HAVE_GELI so components can flag they need support (since it's too large to include everywhere). Add temporary warnings for the old forms to ease transition. Also, update test script to build without GELI on x86. Sponsored by: Netflix
This commit is contained in:
parent
a179cd9114
commit
4728f534ff
3
UPDATING
3
UPDATING
@ -53,7 +53,8 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
|
||||
|
||||
201711xx:
|
||||
The LOADER_FIREWIRE_SUPPORT build variable as been renamed to
|
||||
WITH_LOADER_FIREWIRE (or WITHOUT_LOADER_FIREWIRE).
|
||||
WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed
|
||||
to WITH/OUT_LOADER_GELI.
|
||||
|
||||
20171106:
|
||||
The naive and non-compliant support of posix_fallocate(2) in ZFS
|
||||
|
@ -119,6 +119,7 @@ __DEFAULT_YES_OPTIONS = \
|
||||
LIB32 \
|
||||
LIBPTHREAD \
|
||||
LIBTHR \
|
||||
LOADER_GELI \
|
||||
LOCALES \
|
||||
LOCATE \
|
||||
LPR \
|
||||
|
@ -85,10 +85,26 @@ CFLAGS+= -DLOADER_GPT_SUPPORT
|
||||
.if ${LOADER_MBR_SUPPORT:Uyes} == "yes"
|
||||
CFLAGS+= -DLOADER_MBR_SUPPORT
|
||||
.endif
|
||||
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
|
||||
CFLAGS+= -DLOADER_GELI_SUPPORT
|
||||
|
||||
# GELI Support, with backward compat hooks
|
||||
.if defined(HAVE_GELI)
|
||||
.if defined(LOADER_NO_GELI_SUPPORT)
|
||||
MK_LOADER_GELI=no
|
||||
.warning "Please move from LOADER_NO_GELI_SUPPORT to WITHOUT_LOADER_GELI"
|
||||
.endif
|
||||
.if defined(LOADER_GELI_SUPPORT)
|
||||
MK_LOADER_GELI=yes
|
||||
.warning "Please move from LOADER_GELI_SUPPORT to WITH_LOADER_GELI"
|
||||
.endif
|
||||
.if ${MK_LOADER_GELI} == "yes"
|
||||
CFLAGS+= -DLOADER_GELI_SUPPORT
|
||||
CFLAGS+= -I${BOOTSRC}/geli
|
||||
LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a
|
||||
.endif
|
||||
.endif
|
||||
.endif
|
||||
|
||||
CFLAGS+= -I${SYSDIR}
|
||||
|
||||
# All PowerPC builds are 32 bit. We have no 64-bit loaders on powerpc
|
||||
# or powerpc64.
|
||||
|
@ -49,5 +49,9 @@ SRCS+= rijndael-alg-fst.c rijndael-api-fst.c rijndael-api.c
|
||||
CFLAGS+= -D_STAND
|
||||
SRCS+= geliboot_crypto.c g_eli_hmac.c g_eli_key.c g_eli_key_cache.c pkcs5v2.c
|
||||
|
||||
# aes
|
||||
.PATH: ${SYSDIR}/opencrypto
|
||||
SRCS+= xform_aes_xts.c
|
||||
|
||||
.include <bsd.stand.mk>
|
||||
.include <bsd.lib.mk>
|
||||
|
@ -1,5 +1,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
HAVE_GELI= yes
|
||||
|
||||
.include <bsd.init.mk>
|
||||
|
||||
.PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/common ${SASRC}
|
||||
@ -41,14 +43,6 @@ CFLAGS+=-DBOOTPROG=\"gptboot\" \
|
||||
|
||||
CFLAGS.gcc+= --param max-inline-insns-single=100
|
||||
|
||||
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
|
||||
CFLAGS+= -DLOADER_GELI_SUPPORT
|
||||
CFLAGS+= -I${BOOTSRC}/geli
|
||||
LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a
|
||||
.PATH: ${SYSDIR}/opencrypto
|
||||
OPENCRYPTO_XTS= xform_aes_xts.o
|
||||
.endif
|
||||
|
||||
LD_FLAGS+=${LD_FLAGS_BIN}
|
||||
|
||||
CLEANFILES= gptboot
|
||||
@ -66,12 +60,12 @@ gptldr.out: gptldr.o
|
||||
${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} gptldr.o
|
||||
|
||||
CLEANFILES+= gptboot.bin gptboot.out gptboot.o sio.o crc32.o drv.o \
|
||||
cons.o util.o ${OPENCRYPTO_XTS}
|
||||
cons.o ${OPENCRYPTO_XTS}
|
||||
|
||||
gptboot.bin: gptboot.out
|
||||
${OBJCOPY} -S -O binary gptboot.out ${.TARGET}
|
||||
|
||||
gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o util.o ${OPENCRYPTO_XTS}
|
||||
gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o ${OPENCRYPTO_XTS}
|
||||
${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBGELIBOOT} ${LIBSA32}
|
||||
|
||||
gptboot.o: ${SASRC}/ufsread.c
|
||||
|
@ -1,5 +1,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
HAVE_GPT= yes
|
||||
|
||||
.include <bsd.init.mk>
|
||||
|
||||
.PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/gptboot \
|
||||
@ -50,14 +52,6 @@ LIBZFSBOOT=${BOOTOBJ}/zfs32/libzfsboot.a
|
||||
LIBZFSBOOT=${BOOTOBJ}/zfs/libzfsboot.a
|
||||
.endif
|
||||
|
||||
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
|
||||
CFLAGS+= -DLOADER_GELI_SUPPORT
|
||||
CFLAGS+= -I${BOOTSRC}/geli
|
||||
LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a
|
||||
.PATH: ${SYSDIR}/opencrypto
|
||||
OPENCRYPTO_XTS= xform_aes_xts.o
|
||||
.endif
|
||||
|
||||
CFLAGS.gcc+= --param max-inline-insns-single=100
|
||||
|
||||
LD_FLAGS+=${LD_FLAGS_BIN}
|
||||
|
@ -1,5 +1,8 @@
|
||||
# $FreeBSD$
|
||||
|
||||
HAVE_GPT= yes
|
||||
HAVE_GELI= yes
|
||||
|
||||
.include <bsd.init.mk>
|
||||
|
||||
LIB= i386
|
||||
@ -25,12 +28,6 @@ CFLAGS+= -DCOMSPEED=${BOOT_COMCONSOLE_SPEED}
|
||||
CFLAGS+= -DDISK_DEBUG
|
||||
.endif
|
||||
|
||||
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
|
||||
# Decrypt encrypted drives
|
||||
CFLAGS+= -DLOADER_GELI_SUPPORT
|
||||
CFLAGS+= -I${BOOTSRC}/geli
|
||||
.endif
|
||||
|
||||
.if !defined(BOOT_HIDE_SERIAL_NUMBERS)
|
||||
# Export serial numbers, UUID, and asset tag from loader.
|
||||
CFLAGS+= -DSMBIOS_SERIAL_NUMBERS
|
||||
|
@ -1,5 +1,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
HAVE_GELI= yes
|
||||
|
||||
LOADER_NET_SUPPORT?= yes
|
||||
LOADER_NFS_SUPPORT?= yes
|
||||
LOADER_TFTP_SUPPORT?= yes
|
||||
@ -38,15 +40,6 @@ CFLAGS+= -DLOADER_FIREWIRE_SUPPORT
|
||||
LIBFIREWIRE= ${BOOTOBJ}/i386/libfirewire/libfirewire.a
|
||||
.endif
|
||||
|
||||
.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
|
||||
CFLAGS+= -DLOADER_GELI_SUPPORT
|
||||
CFLAGS+= -I${BOOTSRC}/geli
|
||||
LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a
|
||||
.PATH: ${SYSDIR}/opencrypto
|
||||
SRCS+= xform_aes_xts.c
|
||||
CFLAGS+= -I${SYSDIR} -D_STAND
|
||||
.endif
|
||||
|
||||
# Always add MI sources
|
||||
.include "${BOOTSRC}/loader.mk"
|
||||
CFLAGS+= -I.
|
||||
|
@ -1,6 +1,6 @@
|
||||
# $FreeBSD$
|
||||
|
||||
LOADER_GELI_SUPPORT=no
|
||||
HAVE_GELI=yes
|
||||
|
||||
.include <bsd.init.mk>
|
||||
|
||||
@ -60,7 +60,7 @@ zfsldr.out: zfsldr.o
|
||||
${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} zfsldr.o
|
||||
|
||||
CLEANFILES+= zfsboot2 zfsboot.ld zfsboot.ldr zfsboot.bin zfsboot.out \
|
||||
zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o util.o
|
||||
zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o
|
||||
|
||||
# We currently allow 128k bytes for zfsboot - in practice it could be
|
||||
# any size up to 3.5Mb but keeping it fixed size simplifies zfsldr.
|
||||
@ -82,8 +82,8 @@ zfsboot.ldr:
|
||||
zfsboot.bin: zfsboot.out
|
||||
${OBJCOPY} -S -O binary zfsboot.out ${.TARGET}
|
||||
|
||||
zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o util.o
|
||||
${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBSA32}
|
||||
zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o
|
||||
${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBGELIBOOT} ${LIBSA32}
|
||||
|
||||
SRCS= zfsboot.c
|
||||
|
||||
|
@ -5,6 +5,5 @@ NEWVERSWHAT= "ZFS enabled bootstrap loader" x86
|
||||
LOADER_ONLY= yes
|
||||
HAVE_ZFS= yes
|
||||
|
||||
.include <bsd.init.mk>
|
||||
.include "${BOOTSRC}/i386/loader/Makefile"
|
||||
.include "${.CURDIR}/../loader/Makefile"
|
||||
|
||||
|
@ -22,6 +22,7 @@ VERSION_FILE= ${.CURDIR}/../loader/version
|
||||
INSTALLFLAGS= -b
|
||||
|
||||
# Architecture-specific loader code
|
||||
.PATH: ${BOOTSRC}/sparc64/loader
|
||||
SRCS= locore.S main.c metadata.c vers.c
|
||||
|
||||
.if ${LOADER_DEBUG} == "yes"
|
||||
|
@ -1,7 +1,5 @@
|
||||
# $FreeBSD$
|
||||
|
||||
.PATH: ${.CURDIR}/../loader
|
||||
|
||||
PROG= zfsloader
|
||||
NEWVERSWHAT= "ZFS enabled bootstrap loader" sparc64
|
||||
HAVE_ZFS= yes
|
||||
|
@ -63,7 +63,7 @@ for i in \
|
||||
sparc64/sparc64 \
|
||||
; do
|
||||
ta=${i##*/}
|
||||
dobuild $ta _.boot.${ta}.noZFS.log "MK_ZFS=no"
|
||||
dobuild $ta _.boot.${ta}.no_zfs.log "MK_ZFS=no"
|
||||
done
|
||||
|
||||
# Build with firewire
|
||||
@ -74,3 +74,12 @@ for i in \
|
||||
ta=${i##*/}
|
||||
dobuild $ta _.boot.${ta}.firewire.log "MK_LOADER_FIREWIRE=yes"
|
||||
done
|
||||
|
||||
# Build without GELI
|
||||
for i in \
|
||||
amd64/amd64 \
|
||||
i386/i386 \
|
||||
; do
|
||||
ta=${i##*/}
|
||||
dobuild $ta _.boot.${ta}.no_geli.log "MK_LOADER_GELI=no"
|
||||
done
|
||||
|
2
tools/build/options/WITHOUT_LOADER_GEIL
Normal file
2
tools/build/options/WITHOUT_LOADER_GEIL
Normal file
@ -0,0 +1,2 @@
|
||||
.\" $FreeBSD$
|
||||
Disable inclusion of GELI crypto support in the boot chain binaries.
|
Loading…
x
Reference in New Issue
Block a user