Commit Graph

53 Commits

Author SHA1 Message Date
Warner Losh
e713d3a013 boot: fix OBJS to not include BTX's crt0.o
According to comments in the Makefile, to make pxeboot work we need to
have crt0.o first. This is needed because the simplified loader in
pxeboot assumes that the startup code is at offset 0 in this binary. In
normal booting, the start address can be obtained from headers of the
binary, but since pxeboot encodes this as a pure binary, it has no way
of knowing where that is and assumes 0. Added comments to that effect
in the Makefile.

We've done this by adding it to OBJS before all the other .o's are
added. However, there's a problem. This also adds it to the CLEANFILES
variable, which causes it to be removed from multiple places. The
dependencies may also cause it to be re-built at a time that's after
boot2 is built. This causes installs to fail because at install time
boot2 is considered to be out of date and the programs to rebuild it are
no longer in the path.

Cope with this problem by just adding it to LDFLAGS instead.

Glanced at by:		kevans ("I thought that went in ages ago")
Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D28876
2021-05-06 13:08:30 -06:00
Toomas Soome
6c789c55c4 loader: create built in font from bold font face
We did replace full version of default font 8x16v with bold, also
use bold version for built in font.
2021-01-23 10:53:30 +02:00
Toomas Soome
3630506b9d loader: implement framebuffer console
Draw console on efi.
Add vbe framebuffer for BIOS loader (vbe off, vbe on, vbe list,
vbe set xxx).
autoload font (/boot/fonts) based on resolution and font size.
Add command loadfont (set font by file) and
variable screen.font (set font by size). Pass loaded font to kernel.

Export variables:
screen.height
screen.width
screen.depth

Add gfx primitives to draw the screen and put png image on the screen.
Rework menu draw to iterate list of consoles to enamble device specific
output.

Probably something else I forgot...

Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27420
2021-01-02 21:41:36 +02:00
Toomas Soome
1dc762d4fb loader: fix non-zfs build
We can not include zfs headers while building without zfs.

Reported by:	Oscar Holmlund
2020-09-23 19:15:22 +00:00
Toomas Soome
e307eb94ae loader: zfs should support bootonce an nextboot
bootonce feature is temporary, one time boot, activated by
"bectl activate -t BE", "bectl activate -T BE" will reset the bootonce flag.

By default, the bootonce setting is reset on attempt to boot and the next
boot will use previously active BE.

By setting zfs_bootonce_activate="YES" in rc.conf, the bootonce BE will
be set permanently active.

bootonce dataset name is recorded in boot pool labels, bootenv area.

in case of nextboot, the nextboot_enable boolean variable is recorded in
freebsd:nvstore nvlist, also stored in boot pool label bootenv area.
On boot, the loader will process /boot/nextboot.conf if nextboot_enable
is "YES", and will set nextboot_enable to "NO", preventing /boot/nextboot.conf
processing on next boot.

bootonce and nextboot features are usable in both UEFI and BIOS boot.

To use bootonce/nextboot features, the boot loader needs to be updated on disk;
if loader.efi is stored on ESP, then ESP needs to be updated and
for BIOS boot, stage2 (zfsboot or gptzfsboot) needs to be updated
(gpart or other tools).

At this time, only lua loader is updated.

Sponsored by:	Netflix, Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D25512
2020-09-21 09:01:10 +00:00
Mariusz Zaborski
277f38abff zfs: add an option to the bootloader to rewind the ZFS checkpoint
The checkpoints are another way of keeping the state of ZFS.
During the rewind, the pool has to be exported.
This makes checkpoints unusable when using ZFS as root.
Add the option to rewind the ZFS checkpoint at the boot time.
If checkpoint exists, a new option for rewinding a checkpoint will appear in
the bootloader menu.
We fully support boot environments.
If the rewind option is selected, the boot loader will show a list of
boot environments that existed before the checkpoint.

Reviewed by:	tsoome, allanjude, kevans (ok with high-level overview)
Differential Revision:	https://reviews.freebsd.org/D24920
2020-08-18 19:48:04 +00:00
Alex Richardson
1a18ab420b Allow overriding the tool used for stripping binaries
Since the make variable STRIP is already used for other purposes, this
uses STRIPBIN (which is also used for the same purpose by install(1).
This allows using LLVM objcopy to strip binaries instead of the in-tree
elftoolchain objcopy. We make use of this in CheriBSD since passing
binaries generated by our toolchain to elftoolchain strip sometimes results
in assertion failures.

This allows working around https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248516
by specifying STRIPBIN=/path/to/llvm-strip

Obtained from:	CheriBSD
Reviewed By:	emaste, brooks
Differential Revision: https://reviews.freebsd.org/D25988
2020-08-11 16:46:27 +00:00
Simon J. Gerraty
f2be828f97 Revert that! 2020-07-19 23:56:19 +00:00
Simon J. Gerraty
e17f5b1d30 Oops missed Makefile.config 2020-07-19 23:54:00 +00:00
Toomas Soome
97dd57e66c loader: cstyle cleanup
No functional changes intended.

Sponsored by:	Netflix, Klara Inc.
2020-07-19 06:59:09 +00:00
Simon J. Gerraty
91cd69ee2c veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-09 16:02:54 +00:00
Simon J. Gerraty
afc571b1a6 veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-08 17:42:42 +00:00
Dimitry Andric
a2037dba7e Link stand/i386 components using a linker script
LLD 10.0.0 changed the behavior of the -Ttext option, so that using
-Ttext=0x0 now causes linking of the loaders to fail with:

ld: error: output file too large: 18446744073707016908 bytes

I reported this in https://bugs.llvm.org/show_bug.cgi?id=44715, and
initially reverted the upstream change in r357259 to work around it.

However, after some discussion with Fangrui Song in the upstream ticket,
I think we can classify this as an unfortunate interaction between using
-Ttext=0 in combination with --no-rosegment.  (We added the latter
in r332090, because btxld does not correctly handle input with more
than 2 PT_LOAD segments.)

Fangrui suggested to use a linker script instead, and Warner was already
attempting this in r305353, but had to revert it due to "crypto-using
boot problems" (not sure what those were :).

This review updates the stand/i386/boot.ldscript to handle more
sections, inserts some symbols like _edata and such that we use in
libsa, and also discards any .interp section.

It uses ORG which is defined on the linker command line using
--defsym ORG=value to set the start of all the sections.

Reviewed by:	imp
MFC after:	2 weeks
Differential Revision: https://reviews.freebsd.org/D23952
2020-03-04 21:01:22 +00:00
Warner Losh
a64f0b83e5 Move smbios.c to libsa.
smbios used to be an i386 only kinda weird quirk to the x86
architecture. But UEFI picked it up, dusted it off and now it's many
other locations. Make it base technology by moving it to libsa and
fixing up the compliation. The code has issues with unaligned access
still, but that will be addressed in a followup commit.

Differential Revision: https://reviews.freebsd.org/D23660
2020-02-20 00:46:22 +00:00
Warner Losh
ed2a65769a Create ptov() function.
Create a ptov() function. It's basically the same as the btx PTOV
macro, but works everywhere. smbios needs this to translate addresses,
but the translation differs between BIOS booting and EFI booting. Make
it a function so one smbios.o can be used everywhere. Provide
definitions for it in the two loaders affected.

Differential Revision: https://reviews.freebsd.org/D23660
2020-02-20 00:46:16 +00:00
Simon J. Gerraty
e9b148a318 Add support for hypervisor check on x86
Add ficl words for isvirtualized
and move ficl inb and outb words to ficl/x86/sysdep.c
so can be shared by i386 and amd64

Reviewed by:	imp bdrewery
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org/D22069
2019-10-24 20:02:48 +00:00
Toomas Soome
e7da26b6ca loader: vidconsole should set LINES and COLUMNS
Set LINES and COLUMNS based on terminal dimensions.
2019-09-10 21:53:42 +00:00
Toomas Soome
094b40659f loader: --gc-sections needs sections to work with
--gc-sections is not really useful unless we generate sections with
-ffunction-sections -fdata-sections

While there, i386/loader would win from --gc-sections too.
2019-09-08 19:39:45 +00:00
Marcin Wojtas
435672e322 Verify files loaded in chain command.
The chain command can be used to chain load another binary.
If veriexec is enabled we should verify it first.
Note that on EFI systems the verification was already done
through firmware, assuming that Secure Boot was enabled there.

Submitted by: Kornel Duleba <mindal@semihalf.com>
Reviewed by: sjg
MFC after: 1 week
Obtained from: Semihalf
Differential Revision: https://reviews.freebsd.org/D20952
2019-08-08 17:03:30 +00:00
Warner Losh
f5a95d9a07 Remove NAND and NANDFS support
NANDFS has been broken for years. Remove it. The NAND drivers that
remain are for ancient parts that are no longer relevant. They are
polled, have terrible performance and just for ancient arm
hardware. NAND parts have evolved significantly from this early work
and little to none of it would be relevant should someone need to
update to support raw nand. This code has been off by default for
years and has violated the vnode protocol leading to panics since it
was committed.

Numerous posts to arch@ and other locations have found no actual users
for this software.

Relnotes:	Yes
No Objection From: arch@
Differential Revision: https://reviews.freebsd.org/D20745
2019-06-25 04:50:09 +00:00
Toomas Soome
4914ee11ae loader: implement map-vdisk and unmap-vdisk commands
illumos update: https://www.illumos.org/issues/10598

Add map-vdisk and unmap-vdisk commands to create virtual disk interface on top of file. This will allow to use disk image from file system to load and start the kernel.

By mapping file, we create vdiskX device, the device will be listed by lsdev [-v] and can be accessed directly as ls vdisk0p1:/path or can be used as value for currdev variable.

vdisk strategy function does not use bcache as we have bcache used with backing file. vdisk can be unmapped when all consumers have closed the open files.

In first iteration we do not support the zfs images because zfs pools do keep the device open (there is no "zpool export" mechanism). Adding zfs support is relatively simple, we just need to run zfs disk probe after mapping is done.

Differential Revision:	https://reviews.freebsd.org/D19733
2019-04-26 17:58:44 +00:00
Simon J. Gerraty
8df8b2d3e5 Enable veriexec for loader
This relies on libbearssl and libsecureboot
to verify files read by loader in a maner equivalent
to how mac_veriexec

Note: disabled by default.
Use is initially expected to be by embeded vendors

Reviewed by:	emaste, imp
Sponsored by:	Juniper Networks
Differential Revision:	D16336
2019-02-26 06:22:10 +00:00
Matt Macy
fbeb31a26b MK_ZFS -> {MK_ZFS|MK_LOADER_ZFS}, this is so we can diable userland / kernel
ZFS but keep the boot-loaders when using ZoL port.

MFC after: 1 week
Reviewed by: rgrimes
Differential Revision: https://reviews.freebsd.org/D18739
2019-01-05 22:45:20 +00:00
Ian Lepore
9631ae8267 Don't reference zfs-specific variables if LOADER_ZFS_SUPPORT is undefined
because the variables will be undefined too.

Reported by:	sjg@
Pointy hat:	ian@
2018-12-06 20:28:09 +00:00
Ian Lepore
7297dc4441 Fix args cross-threading between gptboot(8) and loader(8) with zfs support.
When loader(8) is built with zfs support enabled, it assumes that any extarg
data present is a zfs_boot_args struct, but if the first-stage loader was
gptboot(8) the extarg data is actually a geli_boot_args struct.  Luckily,
zfsboot(8) and gptzfsboot(8) have always passed KARGS_FLAGS_ZFS along with
KARGS_FLAGS_EXTARG, so we can use KARGS_FLAGS_ZFS to decide whether the
extarg data is a zfs_boot_args struct.

To avoid similar problems in the future, gptboot(8) now passes a new
KARGS_FLAGS_GELI to indicate that extarg data is geli_boot_args.  In
loader(8), if the neither KARGS_FLAGS_ZFS nor KARGS_FLAGS_GELI is set but
extarg data is present (which will be the case for gptboot compiled before
this change), we now check for the known size of the geli_boot_args struct
passed by the older versions of gptboot as a way of confirming what type of
extarg data is present.

In a semi-related tidying up, since loader's main() has already decided
what type of extarg data is present and set the global 'zargs' var
accordingly, don't repeat the check in extract_currdev, just check whether
zargs is NULL or not.

X-MFC after:	a few days, along with prior related changes.
2018-12-04 16:43:50 +00:00
Ian Lepore
df108aafe9 Eliminate duplicated code and struct member definitions in the handoff
of args data between gptboot/zfsboot and loader(8).

Despite what seems like a lot of changes here, there are no actual
changes in behavior, or in the data layout in the structures involved.
This is just eliminating identical code pasted into multiple locations.

In detail, the changes are...

- Move struct zfs_boot_args definition from libsa/zfs/libzfs.h to
  i386/common/bootargs.h because it is specific to x86 booting and the
  handoff between zfsboot and loader, and has no relation to the zfs
  library code in general.

- The geli_boot_args and zfs_boot_args structs both contain an identical
  set of member variables containing geli information.  Extract this out
  to a new geli_boot_data struct, and embed it in the arg-passing structs.

- Provide new routines geli_import_boot_data() and geli_export_boot_data()
  that can be shared between gptboot, zfsboot, and loader instead of
  pasting identical code into several different .c files.

- Remove some checks for a NULL pointer that can never be true because the
  pointer being tested was set using pointer math (kargs + 1) and that can
  never result in NULL in this code.
2018-12-03 03:58:30 +00:00
Toomas Soome
cdff10360e loader: create separate lists for fd, cd and hd, merge bioscd with biosdisk
Create unified block IO implementation in BIOS version, like it is done in UEFI
side. Implement fd, disk and cd device lists, this will split floppy devices
from disks and will allow us to have consistent, predictable device naming
(modulo BIOS issues).

Differential Revision:	https://reviews.freebsd.org/D17888
2018-11-30 08:01:11 +00:00
Toomas Soome
c50609fc32 loader: do not probe floppy devices for zfs
The subject is telling it all.
2018-11-02 09:47:18 +00:00
Toomas Soome
45a3e13ca8 loader: bios loader should allow to chain load a file
The current chain command does accept only device, allow also a file to be used,
such as /boot/pmbr or /boot/mbr (or stored third party MBR/VBR block).

Also fix file descriptor leak.
2018-08-22 10:04:42 +00:00
Warner Losh
9d45c24cc4 Create a loader for each interpreter for x86 BIOS and all EFI
Create loader_{4th,lua,simp}{,.efi}. All of these are installed by
default. Create LOADER_DEFAULT_INTERP to specify the default
interpreter when no other is specified. LOADER_INTERP is the current
interpreter language building. Turn building of lua on by default to
match 4th. simploader is a simplified loader build w/o any interpreter
language (but with a simple loader).  This is the historic behavir you
got with WITHOUT_FORTH. Make a hard link to the default loader. This
has to be a hard link rather than the more desirable soft link because
older zfsboot blocks don't support symlinks.

RelNotes: Yes
Differential Revision: https://reviews.freebsd.org/D16705
2018-08-14 18:44:41 +00:00
Warner Losh
3b74102205 Older zfs boot blocks don't support symlinks. install the link to
zfsloader as a hard link. While newer ones do, the whole point of the
link was to transition to the new world order smoothly. A hard link is
less flexible, but it works and will result in fewer bumps. Adjust
UPDATING entry to match.
2018-07-23 06:04:05 +00:00
Warner Losh
060679ef9c Collapse zfsloader functionality back down into loader.
We no longer really need a separate zfsloader. It was useful when we
were first supporting ZFS and had limited ability to properly boot off
of ZFS without the special boot loader. Now that the boot loader has
matured, go the way loader.efi pioneered and just build one
binary. Change the name of the loader to load in the secondary boot
blocks to be just /boot/loader. Provide a symbolic link from zfsloader
to loader so people who have not upgraded their boot blocks are not
affected. This has the happy benefit of making coexistence easier as
well (fewer binaries in the matrix).

Discussed with: allanjude@, kevans@
RelNotes: Yes
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16361
2018-07-20 05:17:37 +00:00
Ian Lepore
c1418270b2 Extend loader(8) geli support to all architectures and all disk-like devices.
This moves the bulk of the geli support from lib386/biosdisk.c into a new
geli/gelidev.c which implements a devsw-type device whose dv_strategy()
function handles geli decryption. Support for all arches comes from moving
the taste-and-attach code to the devopen() function in libsa.

After opening any DEVT_DISK device, devopen() calls the new function
geli_probe_and_attach(), which will "attach" the geli code to the open_file
struct by creating a geli_devdesc instance to replace the disk_devdesc
instance in the open_file. That routes all IO for the device through the
geli code.

A new public geli_add_key() function is added, to allow arch/vendor-specific
code to add keys obtained from custom hardware or other sources.

With these changes, geli support will be compiled into all variations of
loader(8) on all arches because the default is WITH_LOADER_GELI.

Relnotes:	yes
Sponsored by:	Microchip Technology Inc
Differential Revision:	https://reviews.freebsd.org/D15743
2018-07-13 17:50:25 +00:00
Warner Losh
007b82d7ab Stop using ../zfs/libzfs.h but instead use libzfs.h.
While ../zfs/libzfs.h mostly works, there are a few situations where
it does not. Eliminate the problem by using plain libzfs.h, like we do
for ufs support. This fixes the weird cases, and is easier to
understand. It also follows the general style convetion of avoiding
../ in #includes.
2018-07-08 07:42:58 +00:00
Warner Losh
b8902de147 Move ZFS files into libsa
Move the libzfs stuff into libsa. There's no need for it to be a
separate library. The separate library adds to the issues of build
ordering that we see from time to time. Move the filesystem support
into libsa, like all the other filesystem support rather than making
zfs the odd-duck out.

Discussed with: allanjude@
2018-07-08 07:42:49 +00:00
Warner Losh
62bd02cee5 stand: move libgeliboot into libsa.
Reduce by 1 the number of crazy libraries we need in stand by moving
geli into libsa (where architecturally it belonged all along). This
just moves things around without any code changes.
2018-06-18 16:24:42 +00:00
Warner Losh
5f88ee4479 bootprog_info is generated in vers.c. Move it's definition to
bootstrap.h and remove all the redundant copies.

Sponsored by: Netflix
2018-06-14 06:41:33 +00:00
Warner Losh
7afc7a8717 Revert r332275, r332272, r332270
There's problems with them. The order of efi stuff isn't quite right,
and there's various problems. Revert until thos problems can be fixed.

Reviewed by: kevans@
2018-04-11 18:02:13 +00:00
Toomas Soome
74837c798c loader: 332270 did left out stand/i386/loader/loader.rc
we have 2 instances of loader.rc...
2018-04-08 13:40:38 +00:00
Kyle Evans
5ef2174a50 Forth version of EFI autoresizing
r331321 delegated autoresizing to an efi-autoresizecons command that
currently is expected to be done in forth/lua prior to drawing anything
useful.

Add the Forth version of the lua addition in r331321, hook efi.4th up to be
installed.

efiboot? was written by dteske@; anything outside of that may be blamed on
me.
2018-03-21 22:01:51 +00:00
Warner Losh
56e53cb8ef Prefer uintXX_t to u_intXX_t
A foolish consistency is the hobgoblin of little minds, adored by
little statesmen and philosophers and divines. With consistency a
great soul has simply nothing to do. -- Ralph Waldo Emerson
2018-03-13 16:33:00 +00:00
Warner Losh
ad00892f4c Remove d_type from devdesc. It's not needed as we can fetch it from
d_dev->dv_type when we need it.
2018-03-12 21:39:59 +00:00
Warner Losh
de04d704a9 Use the actual struct devdesc at the start of all *_devdesc structs
The current system is fragile and requires very careful layout of all
*_devdesc structures. It also makes it hard to change the base
devdesc. Take a page from CAM and put the 'header' in all the derived
classes and adjust the code to match.

For OFW, move the iHandle h_handle out of a slot conflicting with
d_opendata. Due to quirks in the alignment rules, this worked.
However changing the code to use d_opendata storage now that it's a
pointer is hard, so just have a separate field for it.

All other cleanups were to make the *_devdesc structures match where
they'd taken some liberties that were none-the-less compatible enough
to work.
2018-03-12 21:39:49 +00:00
Warner Losh
8f46043b21 Honor settings for including / excluding cd9660, ufs, ext2fs and msdos.
The Makefile gives the impression that ext2fs and msdos were excluded
(they weren't) and that you could exclude cd9660 and ufs support (you
couldn't). Allow those to be excluded.

We need to look, in the future, at trimming the number of supported
filesystems, and this will make that easier.
2018-02-21 15:58:00 +00:00
Warner Losh
4784aef9f5 Consolidate three copies of ZFS commands into a central location.
There's no reason to have multiple copies of lszfs and
reloadbe. Consolidate them into one location. Also ldi_get_size is the
same everywhere (except sparc64). Make it the same everywhere as the
common definition is more general and will work on spar64.
2018-02-21 15:57:36 +00:00
Warner Losh
891b84a3aa Invent new LDR_INTERP for the loader interpreter to use. Use this in
preference to LIBFICL{,32}. LIBFICL{,32} are now always defined, but
LDR_INTERP{,32} is defined empty when building w/o forth (aka the
simple interpreter) and defined to LIBFICL{,32} when we are building
forth.
2018-02-02 15:40:49 +00:00
Warner Losh
8299b37f85 Centralize several variables.
MK_CTF, MK_SSP, MK_PROFILE, NO_PIC, and INTERNALLIB are always the
same, so set them in defs.mk. MAN= is common, so set it here too.
This removes a lot of boring repetition from the Makefiles that added
almost no value.
2018-02-02 06:32:26 +00:00
Warner Losh
ca481bffc2 Hoist btx include stuff to i386/Makefile.inc
Sponsored by: Netflix
2017-12-19 04:06:02 +00:00
Warner Losh
6bc860372d Interact is always called with NULL. Simplify code a little by
removing this argument, and expanding when rc is NULL. This
effectively completes the back out of custom scripts for tftp booted
loaders from r269153 that was started in r292344 with the new path
tricks that obsoleted it.

Submitted by: Netflix
2017-12-19 04:05:55 +00:00
Warner Losh
25c2f4cb95 Move loader help file definitions to being 100% inside of loader.mk.
HELP_FILES is a loader only thing, so move it to loader.mk. Only
generate the help file if HELP_FILES is defined. Adjust Makefiles to
new convention. Fix a few cases where ${.CURDIR}/ was missing
resulting in missing bits from the help files.

Sponsored by: Netflix
2017-12-18 04:51:34 +00:00