Differential D39002

Add WITH_LOADER_VERIEXEC_VECTX description
ClosedPublic
Actions

Authored by brooks on Mar 9 2023, 6:55 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sat, Nov 9, 1:00 PM

	Unknown Object (File)
	Sat, Nov 9, 1:00 PM

	Unknown Object (File)
	Sat, Nov 9, 1:00 PM

	Unknown Object (File)
	Sat, Nov 9, 12:59 PM

	Unknown Object (File)
	Wed, Nov 6, 6:49 AM

	Unknown Object (File)
	Oct 14 2024, 5:27 AM

	Unknown Object (File)
	Sep 27 2024, 1:03 PM

	Unknown Object (File)
	Sep 27 2024, 9:52 AM

View All 84 Files

Subscribers

Details

Reviewers

sjg
emaste

Commits

rG3ac71149bade: Add WITH_LOADER_VERIEXEC_VECTX description

Summary

PR: 270017

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

brooks created this revision.Mar 9 2023, 6:55 PM

Herald added subscribers: dab, imp. · View Herald TranscriptMar 9 2023, 6:55 PM

brooks requested review of this revision.Mar 9 2023, 6:55 PM

Harbormaster completed remote builds in B50253: Diff 118586.Mar 9 2023, 6:55 PM

brooks added a parent revision: D38991: Cirrus-CI: Add a task to check housekeeping state.Mar 9 2023, 6:55 PM

brooks removed a parent revision: D38991: Cirrus-CI: Add a task to check housekeeping state.

brooks added a child revision: D38991: Cirrus-CI: Add a task to check housekeeping state.

emaste added inline comments.Mar 9 2023, 7:00 PM

tools/build/options/WITH_LOADER_VERIEXEC_VECTX
4	"thus verifying" sounds to me like it implies that hashing implies verification which is a little confusing, maybe hashing and verifying? But TBH I don't quite understand what this option is :)
6–8	makeman generates some variants of this automatically (although it will probably be the inverse, that WITHOUT_LOADER_VERIEXEC forces WITHOUT_LOADER_VERIEXEC_VECTX)

brooks added inline comments.Mar 9 2023, 7:09 PM

tools/build/options/WITH_LOADER_VERIEXEC_VECTX
4	I copied this text from @sjg's comment on the PR, but I agree "hashing and verifying" is more straightforward.
6–8	I think the implication is that it's a no-op without WITH_LOADER_VERIEXEC. There's kind of a gap in the framework here in that only WITHOUT_LOADER_VERIEXEC_VECTX is generally useful to set since it's effectively the default unless WITH_LOADER_VERIEXEC is set. The generated stuff is IMO mostly noise (the .Bl block after the line mentioning WITH_BEARSSL): .It Va WITH_LOADER_VERIEXEC Enable building .Xr loader 8 with support for verification similar to Verified Exec. .Pp Depends on .Va WITH_BEARSSL . When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITH_LOADER_EFI_SECUREBOOT (unless .Va WITHOUT_LOADER_EFI_SECUREBOOT is set explicitly) .It Va WITH_LOADER_VERIEXEC_VECTX (unless .Va WITHOUT_LOADER_VERIEXEC_VECTX is set explicitly) .El

Reword slightly

Harbormaster completed remote builds in B50254: Diff 118587.Mar 9 2023, 7:20 PM

OK, we can always adjust as we fine-tune makeman (ref. discussion of duplicate options etc. taking place on the commits mailing list)

This revision is now accepted and ready to land.Mar 9 2023, 7:39 PM

Closed by commit rG3ac71149bade: Add WITH_LOADER_VERIEXEC_VECTX description (authored by brooks). · Explain WhyMar 9 2023, 9:40 PM

This revision was automatically updated to reflect the committed changes.

brooks marked an inline comment as done.

brooks added a commit: rG3ac71149bade: Add WITH_LOADER_VERIEXEC_VECTX description.

Revision Contents
Changeset List

Path

Size

share/

man/

man5/

tools/

build/

options/

WITH_LOADER_VERIEXEC_VECTX

7 lines

Diff 118600

share/man/man5/src.conf.5

Loading...

tools/build/options/WITH_LOADER_VERIEXEC_VECTX

Loading...