This moves the bulk of the geli support from lib386/biosdisk.c into a new
geli/gelidev.c which implements a devsw-type device whose dv_strategy()
function handles geli decryption. Support for all arches comes from moving
the taste-and-attach code to the devopen() function in libsa.
After opening any DEVT_DISK device, devopen() calls the new function
geli_probe_and_attach(), which will "attach" the geli code to the open_file
struct by creating a geli_devdesc instance to replace the disk_devdesc
instance in the open_file. That routes all IO for the device through the
geli code.
A new public geli_add_key() function is added, to allow arch/vendor-specific
code to add keys obtained from custom hardware or other sources.
With these changes, geli support will be compiled into all variations of
loader(8) on all arches because the default is WITH_LOADER_GELI.
Relnotes: yes
Sponsored by: Microchip Technology Inc
Differential Revision: https://reviews.freebsd.org/D15743
to it being a common name elsewhere. Rename the old kzip one
to subr_inflate.c.
This actually fixes the build issues on sparc64 that my inclusion of
.PATH ${SYSDIR}/kern created in r336244, so also revert the broken
workaround I committed in r336249.
This slipped passed me because apparently, I never did a clean build.
Eliminate 4 of the copies of the arg parsing in /boot/laoder
by using boot_parse_cmdline.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16205
boot_parse_arg to parse a single arg
boot_parse_cmdline to parse a command line string
boot_parse_args to parse all the args in a vector
boot_howto_to_env Convert howto bits to env vars
boot_env_to_howto Return howto mask mased on what's set in the environment.
All these routines return an int that's the bitmask of the args
translated to RB_* flags. As a special case, the 'S' flag sets the
comconsole_speed env var. Any arg that looks like a=b will set the env
key 'a' to value 'b'. If =b is omitted, 'a' is set to '1'. This
should help us reduce the number of redundant copies of these routines
in the tree. It should also give a more uniform experience between
platforms.
Also, invent a new flag RB_PROBE that's set when 'P' is parsed. On
x86 + BIOS, this means 'probe for the keyboard, and if it's not there
set both RB_MULTIPLE and RB_SERIAL (which means show the output on
both video and serial consoles, but make serial primary). Others it
may be some similar concept of probing, but it's loader dependent
what, exactly, it means.
These routines are suitable for /boot/loader and/or the kernel,
though they may not be suitable for the tightly hand-rolled-for-space
environments like boot2.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D16205
While ../zfs/libzfs.h mostly works, there are a few situations where
it does not. Eliminate the problem by using plain libzfs.h, like we do
for ufs support. This fixes the weird cases, and is easier to
understand. It also follows the general style convetion of avoiding
../ in #includes.
Move the libzfs stuff into libsa. There's no need for it to be a
separate library. The separate library adds to the issues of build
ordering that we see from time to time. Move the filesystem support
into libsa, like all the other filesystem support rather than making
zfs the odd-duck out.
Discussed with: allanjude@
U-Boot setup a few variables :
- fdt_addr which is the board static dtb (most of the time loaded before
u-boot or coming from some hardware like a ROM)
- fdt_addr_r which is a location in RAM that holds the DTB loaded by
u-boot or before u-boot
In the case of u-boot + rpi firmware the DTB is loaded in RAM but the location
still end up in the fdt_addr variable and the fdt_addr_r variable exist.
Change the behavior so we test that a DTB exists for every possible variable :
- fdt_addr_r is checked first as if u-boot needed to modify it the
correct DTB will live there.
- fdt_addr is checked second as if we run on a hardware with DTB in ROM
it means that we what/need to run that
- fdtaddr looks like a FreeBSD-ism but since I'm not sure leave it.
Reviewed by: gonzo
Differential Revision: https://reviews.freebsd.org/D16101
Previously the code cut those fields on second colon, that prevented
boot from boot environments with colon in their names. This change
moves the limitation from dev field to path, which is empty by default.
Reviewed by: allanjude, tsoome
MFC after: 2 weeks
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D16068
If a disk is of an oddball size, like the 200mb + 512b used in rootgen.sh,
when disk_open() is called on a GELI encrypted partition, attempts to read
the partition table fail, as they pass through the decryption process which
turns the already plaintext data into jibberish.
When reading the partition table, always pass a slice and partition setting
of -1, and an offset of 0. Setting the slice to -1 prevents a false
positive when checking the slice against the cache of GELI encrypted
slices.
Reviewed by: imp, ian
Sponsored by: Klara Systems
Differential Revision: https://reviews.freebsd.org/D15847
While in base we use it as a boolean (of the wrong spelling), there's
at least one out of tree user that needs it to be int since priorirty
is a small int, not a 0/1. In deference to the time it's wasted me and
my team, push this up into FreeBSD for whatever short life boot1 may
have in the tree.
SVN r280384 updated the maximum password length from 16 bytes to 255. The
manual was not updated to reflect this. Found while working on kern/207069.
MFC after: 3 days
X-MFC-to: stable/11 stable/10
Sponsored by: Smule, Inc.
This was causing issues for people booting.
I will likely bring this back as an optional feature, similar to
boot0sio, like gptboot-serial or something.
PR: 221526
Reported by: O. Hartmann <ohartmann@walstatt.org>, Thomas Laus <lausts@acm.org>
Reduce by 1 the number of crazy libraries we need in stand by moving
geli into libsa (where architecturally it belonged all along). This
just moves things around without any code changes.
Normally the serial console is not enabled until /boot.config is read and
we know how the serial console should be configured. Initialize the
consoles early in 'dual' mode (serial & keyboard) with a default serial
rate of 115200. Then serial is re-initialized once the disk is decrypted
and the /boot.config file can be read.
This allows the GELIBoot passphrase to be provided via the serial console.
PR: 221526
Requested by: many
Reviewed by: imp
Sponsored by: Klara Systems
Differential Revision: https://reviews.freebsd.org/D15862
The GELI boot code rounds reads up to 4k, since the encrypted sectors are
4k, and must be decrypted as a unit. With oddball sized disks (almost
always virtual), this can lead to reading past the end of the disk.
Reviewed by: imp, tsoome
Sponsored by: Klara Systems
Differential Revision: https://reviews.freebsd.org/D15844
`rdev` and `disk` serve the same purpose, read the partition table without
the `d_offset` or `d_slice` set, so the read is relative to the start of
the disk. Reuse the already initialized `disk` instead of making another
copy later.
Sponsored by: Klara Systems
The wrong condition is used when evaluating the return of disk_ioctl()
This results in reaching the 'We should not get here' branch in most casts
Reviewed by: imp
Sponsored by: Klara Systems
Differential Revision: https://reviews.freebsd.org/D15839
table if we're just going to ignore it on arm, so expand, slightly,
the reach of the ifdef. Move the buffer to the inner block so we
don't have a separate #ifdef far away from these lines.
The issue on arm is that smbios_detect does unaligned accesses, which
in the u-boot implementing EFI context causes a crash.
is. We tell the ZFS code now, and it checks rather than having a
callback to do the checks.
This will allow us to have a more graceful fallback code. In the
future, it's anticipated that we may fallback to a more global search
(or implement a command to do so) when reqeusted by the user, or we
detect a violation of the UEFI Boot Manager protocol severe enough to
warrant this backstop. For now, it just allows us to get rid of img as
a global.
Sponsored by: Netflix
To recap the problem: with a black-on-white xterm, the menu draws terribly.
Ideally, we would try our best for a white-on-black context for the menu
since graphics and whatnot might not be tested for other setups and there's
no reasonable way to sample the terminal at this point for the used color
scheme.
This commit attempts to address that further in two ways:
- Instead of issuing CSI bg/fg resets (CSI 39m and CSI 49m respectively for
"default"), issue CSI bg/fg escape sequences for our expected color scheme
- Reset to *our* default color scheme before we even attempt to load the
local module, so that we personally don't have any earlier text with the
console default color scheme.
Reported by: emaste (again)
dteske@, I believe, had originally pointed out that lualoader failed to
allow logo-*.lua for new logos to be added. When correcting this mistake, I
failed to do the same for brands.
Correct the sub-mistake: creating new brands is almost identical to creating
new logos, except one must use `drawer.addBrand` and 'graphic' is the only
valid key for a branddef at the moment.
While here, I've added `drawer.default_brand` to be set to name of brand to
be used (e.g. 'fbsd', project default).
Eventually this whole goolash will be documented.
Reported by: kmoore, iXsystems
We support both of the following cases of substitution:
bar="y"
foo="${bar}"
foo="$bar"
The latter substitution syntax is, of course, not recommended- all
punctuation must be considered potential variable names, and we do not go
through the effort of searching the different combinations of, for instance,
"$x.y.z" to determine if the variable is $x, $x.y, or $x.y.z.
This is not officially documented as supported, but it has worked in
forthloader for what is most likely a long time as `evaluate` is used to
process the right hand side of the assignment.