With the new 32-bit UEFI loader, it's convenient to have a sysctl to
figure out how we booted. Can be accessed at machdep.efi_arch
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
(cherry picked from commit b538d49110)
(cherry picked from commit 0e8890a425bc778d323566c881e26bad7c54baf2)
Approved by: so
Security: FreeBSD-EN-25:12.efi
When no legacy serial is found, we may be looking at a non-legacy mmio
serial device mapping, in which case the efi_devpath_name() for name
ConOutDev looks like this:
VenHw(XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,0090DCFE00000000)/Uart(115200,8,N,1)/VenVt100()
Which should tell the kernel to attach a console to 0xfedc9000
(little endian 64 bit value). The value is stored behind the
VENDOR_DEVICE_PATH struct as a byte stream hence we need to check
if said address is appended behind the node. Also enforce use for
uart by requiring the console speed read from the same device.
There is no scientific process for "rs:2" derivation, but evidence would
indicate that this is the correct setting for existing MMIO EFI consoles.
See also: http://bsdimp.blogspot.com/2018/07/how-to-get-memory-mapped-serial-console.html
Be consistent with what we are now doing with non-EFI boot (but with the
difference that EFI runs in 64-bit mode on 64-bit platforms, so there is
no restriction that the v3 entry point should be below 4GB).
While here, move out the EFI smbios detection code in a separate
sub-routine.
Reviewed by: imp, markj
MFC after: 2 weeks
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D49292
(cherry picked from commit 96f77576e9)
main.c - Fix rsdp cast.
framebuffer.c -
- Use temp variable instead of directly passing pointer when
EFI_PHYSICAL_ADDRESS is expected.
Also fix FreePages cast.
- Mask framebuffer address given to us by UEFI.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
(cherry picked from commit 6818ff7797)
Using AllocateMaxAddress here means that gfx_state->tg_shadow_fb is
treated as the highest address we can receive. Since
gfx_state->tg_shadow_fb is NULL, we never receive anything. Use
AllocateAnyPages instead.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
(cherry picked from commit 95f75b0e6e)
Some machines have 64-bit capable cpus but are stuck on 32-bit uefi
firmware.
Add support for them by building a new "loader_ia32" with
LOADER_DEFAULT_INTERP along with the 64-bit one. The loader
can be disabled using MK_LOADER_IA32.
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1098
(cherry picked from commit f8ca5d45c3)
We include too many references to networking things in the
non-networking build for loader.efi. Ifdef out netserver command when we
are disabling network support to resolve.
PR: 277528
MFC After: 2 days
Reviewed by: imp
(cherry picked from commit 47ef2a1310)
The upstream fix to make lld output for our EFI loaders reproducible
again was committed in 54521a2ff9. Bump lld's LINKER_FREEBSD_VERSION
to be able to check this in the EFI loader Makefile.
MFC after: 3 days
(cherry picked from commit f97c7fdc59)
The EFI RNG on some platforms takes a long time if we request 2048
bytes of entropy, so we would like to request less; but our kernel
Fortuna RNG needs to be fed 2048 bytes in order to consider itself
"fully seeded". If we have between 64 bytes (the size of a single
Fortuna pool and enough to guarantee cryptographic security) and
2048 bytes (what Fortuna wants) then the boot process will hang
waiting for more entropy despite in fact having enough to operate
securely.
Since 64 bytes of entropy is plenty to be cryptographically secure
(an attack of cost ~ 2^128 is infeasible, which implies a mere 16
bytes of entropy), use PBKDF2 (aka pkcs5v2_genkey_raw) to spread
the entropy across 2048 bytes. This is secure since PBKDF2 has
the property that every subset of output bytes has within O(1) of
the maximum possible amount of entropy.
Reviewed by: pjd
MFC after: 1 week
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D46635
(cherry picked from commit c8ebbd28aa)
On some systems, the EFI GetRNG is slow. Make it show up in flamecharts.
MFC after: 1 week
Sponsored by: Amazon
Differential Revision: https://reviews.freebsd.org/D46631
(cherry picked from commit b58fe4eb29)
When the various loaders under stand/efi are built, the resulting
binaries differ over multiple runs, even if WITH_REPRODUCIBLE_BUILD is
used. This is caused by lld multithreading and the custom linker scripts
for the loaders, and affects the following binaries:
* loader_4th.efi
* loader_4th.sym
* loader_4th.sym.full
* loader_lua.efi
* loader_lua.sym
* loader_lua.sym.full
* loader_simp.efi
* loader_simp.sym
* loader_simp.sym.full
Work around this by disabling lld threading for these binaries.
Reviewed by: emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46271
(cherry picked from commit f5ce3f4ef5)
Each incompatible change we make, we bump the major version. We've not
done the bump in a while, so sync everybody to 3.0. Anything older than
3.0 will be given a warning that their boot loader is too old. We check
only the major version, though, so minor versions can still be bumped
for individual loaders (though I honestly doubt we'll ever need to do
that again).
Sponsored by: Netflix
Reviewed by: jhb
Differential Revision: https://reviews.freebsd.org/D45888
(cherry picked from commit 9f7f905075)
We long ago changed newvers.sh to make these comments bogus. Remove
them since every single one of them is broken after the $FreeBSD$
removal.
Sponsored by: Netflix
Reviewed by: kevans, jhb
Differential Revision: https://reviews.freebsd.org/D45879
(cherry picked from commit 8165650389)
Load a splash screen that vt(4) can use if the "splash" env variable is defined.
For now only png is supported and decoding is done in loader and not in kernel
compared to splash screen support in sc(4).
For using this add:
boot_mute="YES"
splash="/boot/images/freebsd-logo-rev.png"
in loader.conf
Differential Revision: https://reviews.freebsd.org/D45932
Reviewed by: imp, tsoome
Sponsored by: Beckhoff Automation GmbH & Co. KG
(cherry picked from commit 00460cc8c5)
When linking with ld.bfd it complain with the following:
/usr/local/bin/aarch64-unknown-freebsd14.0-ld: start.o: relocation
R_AARCH64_ABS32 against `__data_size' can not be used when making a
shared object
Fix this by marking the __data_size with ABSOLUTE. This returns a
non-relocatable value which appears to be the same behaviour of lld.
Reviewed by: imp
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D45257
(cherry picked from commit 9f44638ef2)
Make doing the boot once protocol more similar to copies of this code.
Sponsored by: Netflix
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D44007
(cherry picked from commit 2425dbdff3)
For safety, only include the interpreter's linker script. Note that the
simple loader doesn't have one, but it's not an error to copy a ELF
section that does not exist. No functional change, however.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44064
(cherry picked from commit f5f08e41aa)
And upcoming change will need this set to be named this. Since it's only
used in the efi Makefile, and inside if ficl itself, the change should
be a nop.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44063
(cherry picked from commit 8ec8413faa)
After the linker set cleanup in ldscripts, there's now only one place we
need to know the linkerset name, so go ahead and change the lua
interpreter augmentation linker set to be uniquely named.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44062
(cherry picked from commit b4e85f760b)
We don't need linker sets listed as sections. They are explicitly
included in the objcopy we use to create the .efi file. This practice
was added in 2002 by peter@ in a6d81d83a2 to make ia64 builds
self-hosted. However, it was added back to the objcopy in 2010 by rpaulo
in 8df7a05edd for i386 EFI support, though the ldscript file then
retained them needlessly. The gcc/binutils bug having been fixed in the
interim. We've not needed them since then, but the redundancy didn't
matter.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44061
(cherry picked from commit d024bc7ff5)
In the larger open source community, ld scripts are foo.ldscrpt rather
than ldscript.arch like we use here. This moves the EFI ldscripts.
Sponsored by: Netflix
Reviewed by: tsoome, kevans, emaste
Differential Revision: https://reviews.freebsd.org/D44056
(cherry picked from commit 5b3b9a5858)
Move the extern struct devsw md_dev out of the function. gcc is happier
with this arrangemnt often. However, we really should move it to a
header file, but that requires a bit of a rework of md support and
config.
Sponsored by: Netflix
Reviewed by: manu, tsoome
Differential Revision: https://reviews.freebsd.org/D44008
(cherry picked from commit b2822c40f6)
The project is moving away from CTASSERT in favor of
_Static_assert. Cleanup the few instances in the loader proactively.
Sponsored by: Netflix
Reviewed by: manu, tsoome
Differential Revision: https://reviews.freebsd.org/D44006
(cherry picked from commit 32568e5f24)
By default only report unverified files at severity VE_WANT
and above. This inlcudes *.conf but not *.hints, *.cookie
or *.tgz which get VE_TRY as their severity.
If Verbose is set to 0, then VerifyFlags should default to 0 too.
Thus the combination of
module_verbose=0
VE_VEBOSE=0
is sufficient to make the loader almost totally silent.
When verify_prep has to find_manifest and it is verified ok
return VE_NOT_CHECKED to verify_file so that it can skip
repeating verify_fd
Also add better debugging output for is_verified and add_verify_status.
vectx handle compressed modules
When verifying a compressed module (.ko.gz or .ko.bz2)
stat() reports the size as -1 (unknown).
vectx_lseek needs to spot this during closing - and just read until
EOF is hit.
Note: because of the way libsa's open() works, verify_prep will see
the path to be verified as module.ko not module.ko.bz2 etc. This is
actually ok, because we need a separate module.ko.bz2 entry so that
the package can be verified, and the hash for module.ko is of the
uncompressed file which is what vectx will see.
Re-work local.trust.mk so site.trust.mk need only set
VE_SIGN_URL_LIST (if using the mentioned signing server)
interp.c: restrict interactive input
Apply the same restrictions to interactive input as for
unverified conf and hints files.
Use version.veriexec when LOADER_VERIEXEC is yes
Reviewed by: kevans
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43810
(cherry picked from commit f616d61ab6)
The font module is part of the gfx_fb support. Since we share this file
between EFI and kboot, we only want to pass the font data to the kernel
when we're booting from EFI, not kboot.
Sponsored by: Netflix
(cherry picked from commit 784f925e50)
While we're here, enable the feature in the places we detect ACPI. This
lets us side-step the existing issues and provide a path forward for
folks upgrading from previous releases that haven't updated their ESP
yet.
Let's also fix core.setACPI: the hint already indicates that the
user's disabled it more consistently than loader.acpi_disabled_by_user.
Even more, the latter is wrong because we set it by default if we did
not detect ACPI. The ACPI hint remains even when we're setting defaults
because ACPI loaded into the kernel will make some noise if it's not
hinted off, even when we didn't detect it.
imp notes that this will result in some relatively harmless noise on
platforms that don't support ACPI but aren't using the UEFI loader, as
we would enable the ACPI module for loading on them and then loader
would not be able to find it. These are non-fatal, but should probably
be fixed by just declaring support for EARLY_ACPI in those loaders since
we know they won't have ACPI early on -- punting on this for the time
being, though, in favor of providing a safer upgrade path sooner.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D42727
(cherry picked from commit e183039f08)
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
(cherry picked from commit 7c43148a97)
We have no need for 5 different copies of these.
Sponsored by: Netflix
Reviewed by: rcm, kevans, andrew
Differential Revision: https://reviews.freebsd.org/D42699
(cherry picked from commit 7a1bc422d1)
To avoid a redefinition warning... This needs to be redone correctly,
but this gets amd64 building again... My amd64 environment is polluted
with something that caues earlier failures which I ignored...
Fixes: 488bc7e9a7
Sponsored by: Netflix
(cherry picked from commit e4789047ff)
With the system inttypes, we build on all platforms again.
Suggested by: andrew
Fixes: 0b01d45783
Sponsored by: Netflix
(cherry picked from commit 488bc7e9a7)
lua was previously unable to determine ACPI presence because this
probing was postponed until the final loading and execution of the
kernel.
This patch resolves that by detecting ACPI early (similar to
the order of operations in the legacy i386 loader).
Reviewed by: kevans
Approved by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42459
(cherry picked from commit 0b01d45783)
Update dependencies for the loader variations used for each
architecture.
Reviewed by: sjg
Differential Revision: https://reviews.freebsd.org/D39741
(cherry picked from commit 2008043f38)
Some leaf directories were missing Makefile.depend files or needed
architecture-specific Makefile.depend.* files.
(cherry picked from commit e5b786625f)
To read/update the boot loader nvstore, we always need to call
zfs_attach_nvstore() regardless of whether we use bootonce key
in nvstore or the bootfs property of the pool. The call was
unintentionally left in the block of code that is processed
only when bootonce key is present.
In particular this fixes broken 'nextboot -k'.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41795
Fixes: e3e2681d0e
(cherry picked from commit d13550f0c9)
Try ConIn if we don't have a ConOut variable. ConIn will contain HID
devices and/or serial devices. We currently just search for serial
devices and will use them instead of video with the current code. While
ConIn w/o ConOut is fairly common on laptops, is kinda rare on servers.
Some refinement may be needed in the future if servers come to
light. This is also minimal to allow possible integration into 13.3
release.
MFC After: 1 week
Sponsored by: Netflix
Reviewed by: dab, tsoome
Differential Revision: https://reviews.freebsd.org/D43714
(cherry picked from commit 064fa628ce)
Preemptively address a collision with LIBFDT (to be added in the future)
from src.libnames.mk, which gets included via bsd.progs.mk. No
functional change intended.
Reviewed by: imp
MFC after: 1 week
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D42486
(cherry picked from commit b247ff70e8)
By not exporting _start, we get various warnings of the form:
ld: warning: cannot find entry symbol _start
Note that in practice these don't matter because we manually construct
our PE header and use objcopy -O binary, so the entry point is set to
whatever we put explicitly in the PE header, but we should still do the
right thing and silence these warnings.
This was found in CheriBSD, where bsd.prog.mk has similar logic to
bsd.lib.mk and sets -Wl,--(no-)fatal-warnings based on LD_FATAL_WARNINGS
(unlike FreeBSD which only does so in the latter).
