Make doing the boot once protocol more similar to copies of this code.
Sponsored by: Netflix
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D44007
For safety, only include the interpreter's linker script. Note that the
simple loader doesn't have one, but it's not an error to copy a ELF
section that does not exist. No functional change, however.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44064
And upcoming change will need this set to be named this. Since it's only
used in the efi Makefile, and inside if ficl itself, the change should
be a nop.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44063
After the linker set cleanup in ldscripts, there's now only one place we
need to know the linkerset name, so go ahead and change the lua
interpreter augmentation linker set to be uniquely named.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44062
We don't need linker sets listed as sections. They are explicitly
included in the objcopy we use to create the .efi file. This practice
was added in 2002 by peter@ in a6d81d83a2 to make ia64 builds
self-hosted. However, it was added back to the objcopy in 2010 by rpaulo
in 8df7a05edd for i386 EFI support, though the ldscript file then
retained them needlessly. The gcc/binutils bug having been fixed in the
interim. We've not needed them since then, but the redundancy didn't
matter.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D44061
In the larger open source community, ld scripts are foo.ldscrpt rather
than ldscript.arch like we use here. This moves the EFI ldscripts.
Sponsored by: Netflix
Reviewed by: tsoome, kevans, emaste
Differential Revision: https://reviews.freebsd.org/D44056
Move the extern struct devsw md_dev out of the function. gcc is happier
with this arrangemnt often. However, we really should move it to a
header file, but that requires a bit of a rework of md support and
config.
Sponsored by: Netflix
Reviewed by: manu, tsoome
Differential Revision: https://reviews.freebsd.org/D44008
The project is moving away from CTASSERT in favor of
_Static_assert. Cleanup the few instances in the loader proactively.
Sponsored by: Netflix
Reviewed by: manu, tsoome
Differential Revision: https://reviews.freebsd.org/D44006
By default only report unverified files at severity VE_WANT
and above. This inlcudes *.conf but not *.hints, *.cookie
or *.tgz which get VE_TRY as their severity.
If Verbose is set to 0, then VerifyFlags should default to 0 too.
Thus the combination of
module_verbose=0
VE_VEBOSE=0
is sufficient to make the loader almost totally silent.
When verify_prep has to find_manifest and it is verified ok
return VE_NOT_CHECKED to verify_file so that it can skip
repeating verify_fd
Also add better debugging output for is_verified and add_verify_status.
vectx handle compressed modules
When verifying a compressed module (.ko.gz or .ko.bz2)
stat() reports the size as -1 (unknown).
vectx_lseek needs to spot this during closing - and just read until
EOF is hit.
Note: because of the way libsa's open() works, verify_prep will see
the path to be verified as module.ko not module.ko.bz2 etc. This is
actually ok, because we need a separate module.ko.bz2 entry so that
the package can be verified, and the hash for module.ko is of the
uncompressed file which is what vectx will see.
Re-work local.trust.mk so site.trust.mk need only set
VE_SIGN_URL_LIST (if using the mentioned signing server)
interp.c: restrict interactive input
Apply the same restrictions to interactive input as for
unverified conf and hints files.
Use version.veriexec when LOADER_VERIEXEC is yes
Reviewed by: kevans
Sponsored by: Juniper Networks, Inc.
Differential Revision: https://reviews.freebsd.org/D43810
Try ConIn if we don't have a ConOut variable. ConIn will contain HID
devices and/or serial devices. We currently just search for serial
devices and will use them instead of video with the current code. While
ConIn w/o ConOut is fairly common on laptops, is kinda rare on servers.
Some refinement may be needed in the future if servers come to
light. This is also minimal to allow possible integration into 13.3
release.
MFC After: 1 week
Sponsored by: Netflix
Reviewed by: dab, tsoome
Differential Revision: https://reviews.freebsd.org/D43714
The font module is part of the gfx_fb support. Since we share this file
between EFI and kboot, we only want to pass the font data to the kernel
when we're booting from EFI, not kboot.
Sponsored by: Netflix
While we're here, enable the feature in the places we detect ACPI. This
lets us side-step the existing issues and provide a path forward for
folks upgrading from previous releases that haven't updated their ESP
yet.
Let's also fix core.setACPI: the hint already indicates that the
user's disabled it more consistently than loader.acpi_disabled_by_user.
Even more, the latter is wrong because we set it by default if we did
not detect ACPI. The ACPI hint remains even when we're setting defaults
because ACPI loaded into the kernel will make some noise if it's not
hinted off, even when we didn't detect it.
imp notes that this will result in some relatively harmless noise on
platforms that don't support ACPI but aren't using the UEFI loader, as
we would enable the ACPI module for loading on them and then loader
would not be able to find it. These are non-fatal, but should probably
be fixed by just declaring support for EARLY_ACPI in those loaders since
we know they won't have ACPI early on -- punting on this for the time
being, though, in favor of providing a safer upgrade path sooner.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D42727
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
We have no need for 5 different copies of these.
Sponsored by: Netflix
Reviewed by: rcm, kevans, andrew
Differential Revision: https://reviews.freebsd.org/D42699
To avoid a redefinition warning... This needs to be redone correctly,
but this gets amd64 building again... My amd64 environment is polluted
with something that caues earlier failures which I ignored...
Fixes: 488bc7e9a7
Sponsored by: Netflix
lua was previously unable to determine ACPI presence because this
probing was postponed until the final loading and execution of the
kernel.
This patch resolves that by detecting ACPI early (similar to
the order of operations in the legacy i386 loader).
Reviewed by: kevans
Approved by: kp
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D42459
Preemptively address a collision with LIBFDT (to be added in the future)
from src.libnames.mk, which gets included via bsd.progs.mk. No
functional change intended.
Reviewed by: imp
MFC after: 1 week
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D42486
To read/update the boot loader nvstore, we always need to call
zfs_attach_nvstore() regardless of whether we use bootonce key
in nvstore or the bootfs property of the pool. The call was
unintentionally left in the block of code that is processed
only when bootonce key is present.
In particular this fixes broken 'nextboot -k'.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41795
Fixes: e3e2681d0e
By not exporting _start, we get various warnings of the form:
ld: warning: cannot find entry symbol _start
Note that in practice these don't matter because we manually construct
our PE header and use objcopy -O binary, so the entry point is set to
whatever we put explicitly in the PE header, but we should still do the
right thing and silence these warnings.
This was found in CheriBSD, where bsd.prog.mk has similar logic to
bsd.lib.mk and sets -Wl,--(no-)fatal-warnings based on LD_FATAL_WARNINGS
(unlike FreeBSD which only does so in the latter).
As a result, it is only really checking for the word Drive, making
"Drive" appended to anything else considered for efi env.
Reviewed by: imp, kevans
Pull Request: https://github.com/freebsd/freebsd-src/pull/738
Before this change we would only pass the bootonce dataset name
to the environment for the next loader, while actually reading
the next stage loader from the 'bootfs' dataset, not the bootonce
dataset.
Another problem fixed by this change is a boot from a configuration
when bootonce attribute is present, but 'bootfs' property is not set.
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D40389
First check if bootonce is configured and if it is, then change currdev
accordingly and after that do the sanity check. This fixes boot in a
situation when ZFS pool doesn't have the "bootfs" property, but has
bootonce attribute set. A strange, but legitimate case.
Reviewed by: tsoome, imp
Differential Revision: https://reviews.freebsd.org/D40388
We don't keep comc_port around anymore if the console's not present, but
some things might still try to set one of the environment variables we
hook. In particular, one need not even set efi_com_port/efi_com_speed
in loader.conf; loader may do it itself and induce the crash if ConOut
depicts an available uart.
Probably reported by: dch
OK for now: imp
If we can't find the serial port, free comc_port and return early. The
serial port just isn't there.
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D40223
Make the compat code more correct by probing using the eficom console
structure, not the comconsole one.
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D40222
If the machine isn't hyperv on amd64, then this driver fails the probe
and will do nothing further now, even if explicitly listed in a config.
Sponsored by: Netflix
Reviewed by: kevans
Differential Revision: https://reviews.freebsd.org/D40221
Don't even have a comc_port when the port doesn't exist: always free it
if we probe that it's not there. Also, when it's not present, clear the
flags indicating presence to avoid disturbing other flags.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D40220
It would be nice to make decisions early in boot, about maybe consoles,
based on smbios variables. Set them just after we setup the archsw so we
can use them everywhere.
Sponsored by: Netflix
Reviewed by: tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D40219
UEFI device path may be path to one device, or concatenated list of instances
to different devices (textually represented as comma separated list).
Provide generic function to get next instance from device path.
Returns next instance or end node.
The use case is like:
EFI_DEVICE_PATH *node = (EFI_DEVICE_PATH *)buf;
while (!IsDevicePathEnd(node)) {
process(node);
node = efi_devpath_next_instance(node);
}
Where buf is pointing to either single device path or
concatenated list of device paths (such as from ConIn or ConOut).
Reviewers: imp
Differential Revision: https://reviews.freebsd.org/D40081
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
Remove the i386 ifdefs and files. It never worked.
Sponsored by: Netflix
Reviewed by: manu, tsoome, kevans
Differential Revision: https://reviews.freebsd.org/D40012