Diffusion FreeBSD src repository ffbaa453c191

bsdinstall: Stop loading cryptodev for ZFS installations
ffbaa453c191
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

bsdinstall: Stop loading cryptodev for ZFS installations

zfs depends on the crypto module, not cryptodev, and most arm64 kernel configs include std.dev, which includes "device crypto" anyway.
This config works around a problem with kldxref lacking cross-target support, but that has since been fixed.
Loading cryptodev creates /dev/crypto, which gives unprivileged users access to the kernel's opencrypto framework. Very few applications need it, so we're needlessly increasing the kernel's surface area.

Thus, stop auto-loading cryptodev.

Reviewed by: kevans, allanjude, des
Differential Revision: https://reviews.freebsd.org/D45127

Details

Provenance

Authored on May 8 2024, 4:01 PM

Reviewer

Differential Revision

D45127: bsdinstall: Stop loading cryptodev for ZFS installations

Parents

rG2a32b54a5774: ofed: don't expose symbols twice

Branches

Unknown

Tags

Unknown

Event Timeline

markj committed rGffbaa453c191: bsdinstall: Stop loading cryptodev for ZFS installations (authored by markj).May 8 2024, 4:01 PM

markj added an edge: D45127: bsdinstall: Stop loading cryptodev for ZFS installations.May 8 2024, 4:11 PM

Changes (1)

Path

Size

usr.sbin/

bsdinstall/

scripts/

rGffbaa453c191

usr.sbin/bsdinstall/scripts/config

Loading...