From owner-freebsd-current@freebsd.org Wed Feb 21 23:15:50 2018
From: Eric McCorkle <eric@metricspace.net>
To: Tommi Pernila
Cc: Warner Losh, "[ScaleEngine] Allan Jude", freebsd-current, imp@freebsd.org
Subject: Re: GELI with UEFI supporting Boot Environments goes to HEAD when?
Date: Wed, 21 Feb 2018 18:15:47 -0500
Message-ID: <9df63df2-9d61-4106-f360-347411869b41@metricspace.net>
References: <0e75a2ba-9a59-8301-a678-68a822025bd6@metricspace.net>
List-Id: Discussions about the use of FreeBSD-current

The GELI work could be merged at this point, though it won't be usable
without an additional patch to enable loader-only operation.
The patches are currently up for review.  This is the order in which
they'd need to be merged:

https://reviews.freebsd.org/D12732

This one changes the efipart device.  Toomas Soome identified some
problems, which I have addressed.  He has not re-reviewed it, however.

https://reviews.freebsd.org/D12692

This adds some crypto code needed for GELI.  It simply adds new code,
and doesn't conflict with anything.

https://reviews.freebsd.org/D12698

This adds the EFI KMS interface code, and has the EFI loader pass keys
into the keybuf interface.

I can't post the main GELI driver until those get merged, as it depends
on them.  It can be found on the geli branch on my github freebsd
repository, however.

Additionally, you need this patch, which allows loader.efi to function
when installed directly to the ESP:

https://reviews.freebsd.org/D13497

On 02/20/2018 22:56, Tommi Pernila wrote:
> Hi Eric,
>
> could you provide a brief update on how the work is going?
>
> Br,
>
> Tommi
>
> On Nov 16, 2017 04:29, "Eric McCorkle" wrote:
>
>     Right, so basically, the remaining GELI patches are against loader,
>     and most of them can go in independently of the work on removing
>     boot1.  There's a unanimous consensus on getting rid of boot1, which
>     includes its original author, so that's going to happen.
>
>     For GELI, we have the following (not necessarily in order):
>
>     a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
>        interactions
>     b) Modifications to the efipart driver
>     c) boot crypto
>     d) GELI partition types (not strictly necessary)
>
>     Then there's the GELI driver itself.  (a) and (c) are good to land,
>     (b) needs some more work after Toomas Soome pointed out a legitimate
>     problem, and (d) actually needs a good bit more code (but again, it's
>     more cosmetic).  Additionally, the GELI driver will need further mods
>     to efipart to be written (nothing too big).  But we could go ahead
>     with (a) and (c), as they've already been proven to work.
>
>     I'd wanted to have this stuff shaped up sooner, but I'm preoccupied
>     with the 7th RISC-V workshop at the end of the month.
>
>     Once this stuff is all in, loader should handle any GELI volumes it
>     finds, and it should Just Work once boot1 is gone.