
Add WITH_LOADER_VERIEXEC_VECTX description
Closed, Public

Authored by brooks on Mar 9 2023, 6:55 PM.

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Passed
Unit: No Test Coverage
Build Status: Buildable 50254
Build 47146: arc lint + arc unit

Event Timeline

brooks requested review of this revision. (Mar 9 2023, 6:55 PM)
tools/build/options/WITH_LOADER_VERIEXEC_VECTX
Line 4:

"thus verifying" sounds to me like it implies that hashing implies verification, which is a little confusing; maybe "hashing and verifying"? But TBH I don't quite understand what this option is :)

Lines 6–8:

makeman generates some variants of this automatically (although it will probably be the inverse, that WITHOUT_LOADER_VERIEXEC forces WITHOUT_LOADER_VERIEXEC_VECTX)

tools/build/options/WITH_LOADER_VERIEXEC_VECTX
Line 4:

I copied this text from @sjg's comment on the PR, but I agree "hashing and verifying" is more straightforward.

Lines 6–8:

I think the implication is that it's a no-op without WITH_LOADER_VERIEXEC. There's kind of a gap in the framework here in that only WITHOUT_LOADER_VERIEXEC_VECTX is generally useful to set since it's effectively the default unless WITH_LOADER_VERIEXEC is set.

The generated stuff is IMO mostly noise (the .Bl block after the line mentioning WITH_BEARSSL):

.It Va WITH_LOADER_VERIEXEC
Enable building
.Xr loader 8
with support for verification similar to Verified Exec.
.Pp
Depends on
.Va WITH_BEARSSL .
When set, these options are also in effect:
.Pp
.Bl -inset -compact
.It Va WITH_LOADER_EFI_SECUREBOOT
(unless
.Va WITHOUT_LOADER_EFI_SECUREBOOT
is set explicitly)
.It Va WITH_LOADER_VERIEXEC_VECTX
(unless
.Va WITHOUT_LOADER_VERIEXEC_VECTX
is set explicitly)
.El

OK, we can always adjust as we fine-tune makeman (ref. discussion of duplicate options etc. taking place on the commits mailing list)

This revision is now accepted and ready to land. (Mar 9 2023, 7:39 PM)
This revision was automatically updated to reflect the committed changes.
brooks marked an inline comment as done.