mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-06 09:10:28 +00:00
bsdinstall: Stop loading cryptodev for ZFS installations
- zfs depends on the crypto module, not cryptodev, and most arm64 kernel configs include std.dev, which includes "device crypto" anyway. - This config works around a problem with kldxref lacking cross-target support, but that has since been fixed. - Loading cryptodev creates /dev/crypto, which gives unprivileged users access to the kernel's opencrypto framework. Very few applications need it, so we're needlessly increasing the kernel's surface area. Thus, stop auto-loading cryptodev. Reviewed by: kevans, allanjude, des Differential Revision: https://reviews.freebsd.org/D45127
This commit is contained in:
parent
2a32b54a57
commit
ffbaa453c1
|
@ -43,9 +43,6 @@ cp $BSDINSTALL_TMPETC/* $BSDINSTALL_CHROOT/etc
|
|||
|
||||
cat $BSDINSTALL_TMPBOOT/loader.conf.* >> $BSDINSTALL_TMPBOOT/loader.conf
|
||||
rm $BSDINSTALL_TMPBOOT/loader.conf.*
|
||||
# The 'cryptodev_load' line is a workaround for arm64, which does not
|
||||
# automatically load cryptodev.ko with zfs.ko.
|
||||
df -t zfs $BSDINSTALL_CHROOT > /dev/null && echo "cryptodev_load=\"YES\"" >> $BSDINSTALL_TMPBOOT/loader.conf
|
||||
df -t zfs $BSDINSTALL_CHROOT > /dev/null && echo "zfs_load=\"YES\"" >> $BSDINSTALL_TMPBOOT/loader.conf
|
||||
|
||||
cp $BSDINSTALL_TMPBOOT/* $BSDINSTALL_CHROOT/boot
|
||||
|
|
Loading…
Reference in a new issue