Commit Graph

20 Commits

Author SHA1 Message Date
Toomas Soome
dba7640e44 ficl: instead of pad, emit can use local variable
Pad in forth is used as "scratchpad" and internal implementations
should not use it. Ficl does not really follow this rule and this can fire back.
emit has no need to use pad, we can use local variable instead.
2020-12-01 22:28:02 +00:00
Brandon Bergren
0ebbda9718 Tweak ficl definition from r365724
I had overthought how to do the FICL_TRUE change. We do not need to
explicitly specify how big the 0 is before the cast to the correct size.

The same change was suggested by both imp@ and Gunther Nikl independently.

Tested on powerpc.

Reported by:	imp, Gunther Nikl
2020-09-22 23:27:09 +00:00
Brandon Bergren
9e4c35f867 stand/ficl 64-bit compatibility
Currently, the only thing that prevents a functioning 64-bit FICL build is
a few integer types that were intended to be fixed-width.

Changing them to C99 integer types allows building a functioning 64-bit
FICL.

While this isn't applicable to the default settings of any in-tree loaders,
it is necessary for a future Petitboot loader, due to the requirement that
it be compiled as a 64-bit program.

Reviewed by:	tsoome, imp (earlier revision)
Sponsored by:	Tag1 Consulting, Inc.
Differential Revision:	https://reviews.freebsd.org/D26364
2020-09-14 15:48:30 +00:00
Simon J. Gerraty
91cd69ee2c veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-09 16:02:54 +00:00
Simon J. Gerraty
afc571b1a6 veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.

For doing an install via loader, avoiding the need to rewind
large files is critical.

This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform.  On a fast VM we see 6% improvement.

For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().

For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.

Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.

Reviewed by:	imp,tsoome
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org//D23827
2020-03-08 17:42:42 +00:00
Warner Losh
eb24e1491f Remove sparc64 support from the boot loader.
Remove all the sparc64 specific bits, both files and ifdefs.
2020-02-03 17:34:57 +00:00
Simon J. Gerraty
e9b148a318 Add support for hypervisor check on x86
Add ficl words for isvirtualized
and move ficl inb and outb words to ficl/x86/sysdep.c
so can be shared by i386 and amd64

Reviewed by:	imp bdrewery
MFC after:	1 week
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org/D22069
2019-10-24 20:02:48 +00:00
Toomas Soome
938cae327c ficl: add xemit word
While emit will output one byte on screen, the xemit will output xchar.

See: http://forth-standard.org/standard/xchar/XEMIT
2019-09-05 15:06:30 +00:00
Toomas Soome
0bd5d36798 ficl: add uIsGreater word
For some reason we have u< but not u>, fix it.
2019-09-05 09:04:48 +00:00
Simon J. Gerraty
2ef9ff7dd3 ficl pfopen: verify file
If the file is verified - do not allow write
otherwise do not allow read.

Add O_ACCMODE to stand.h

Reviewed by:	stevek, mindal_semihalf.com
MFC after:	3 days
Sponsored by:	Juniper Networks
Differential Revision:	https://reviews.freebsd.org/D20387
2019-05-24 19:43:38 +00:00
Simon J. Gerraty
8df8b2d3e5 Enable veriexec for loader
This relies on libbearssl and libsecureboot
to verify files read by loader in a maner equivalent
to how mac_veriexec

Note: disabled by default.
Use is initially expected to be by embeded vendors

Reviewed by:	emaste, imp
Sponsored by:	Juniper Networks
Differential Revision:	D16336
2019-02-26 06:22:10 +00:00
Warner Losh
56e53cb8ef Prefer uintXX_t to u_intXX_t
A foolish consistency is the hobgoblin of little minds, adored by
little statesmen and philosophers and divines. With consistency a
great soul has simply nothing to do. -- Ralph Waldo Emerson
2018-03-13 16:33:00 +00:00
Kyle Evans
14a2bd52f7 stand/ficl: Fix testmain
testmain is a userland application intended to be built with standard
headers and whatnot, which we broke.

Fix it by having the testmain build clobber cflags, reducing it to just the
set of defines/includes it needs to build.

Discussed with:	imp
MFC after:	3 days
2018-03-07 17:18:46 +00:00
Warner Losh
fcdb1f0317 Eliminate bsd.stand.mk and -fPIC 32-bit intel builds
OK. We don't really need a bsd.stand.mk, and it was causing a -fPIC
for the toolchain to be added (bogusly) when building on amd64. Pull
all relevant defs back into defs.mk and delete bsd.stand.mk.

This saves about 15-20k on i386 loader and zfsloader which when
combined with Lua give us a lot more stack space in those constrained
environments.
2018-02-16 00:17:32 +00:00
Warner Losh
8299b37f85 Centralize several variables.
MK_CTF, MK_SSP, MK_PROFILE, NO_PIC, and INTERNALLIB are always the
same, so set them in defs.mk. MAN= is common, so set it here too.
This removes a lot of boring repetition from the Makefiles that added
almost no value.
2018-02-02 06:32:26 +00:00
Warner Losh
65b8a300df Revert r326855: Cargo cut a fix for the regressions r326585 caused.
This was an experiment that landed in the wrong branch and was pushed
accidentally. It's best if it is ignored because the difference was
due to vers.o being different, not float.o... And it was confirmed to
not fix anything...

Pointy Hat to: imp
2017-12-14 18:57:17 +00:00
Warner Losh
108bcd504e Cargo cut a fix for the regressions r326585 caused.
We need to include ficl.h after the standard includes, rather than
before them. It changes the generated code in ways that haven't been
completely analyized. This restores the old code generation (as
verified by md5 changing back for zfsloader).

This should restore GPT + ZFS and GPT + ZFS + GELI booting that was
broken in r326585 (or would have been if r326584 hadn't broken the
build).

Sponsored by: Netflix
2017-12-14 16:51:26 +00:00
Warner Losh
29374678a6 This path belongs in ficl/Makefile, not the common defines for users
of ficl.

Sponsored by: Netflix
2017-12-08 22:19:41 +00:00
Warner Losh
a4b9cb3abd Include ficl.h before anything else and avoid including anything at
all if we're not building float.

Sponsored by: Netflix
2017-12-05 21:37:41 +00:00
Warner Losh
ca987d4641 Move sys/boot to stand. Fix all references to new location
Sponsored by:	Netflix
2017-11-14 23:02:19 +00:00