diff --git a/UPDATING b/UPDATING index a84a9ecd63e..6f852439bc7 100644 --- a/UPDATING +++ b/UPDATING @@ -53,7 +53,8 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW: 201711xx: The LOADER_FIREWIRE_SUPPORT build variable as been renamed to - WITH_LOADER_FIREWIRE (or WITHOUT_LOADER_FIREWIRE). + WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed + to WITH/OUT_LOADER_GELI. 20171106: The naive and non-compliant support of posix_fallocate(2) in ZFS diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk index 4ef52cb1689..b8ba2586617 100644 --- a/share/mk/src.opts.mk +++ b/share/mk/src.opts.mk @@ -119,6 +119,7 @@ __DEFAULT_YES_OPTIONS = \ LIB32 \ LIBPTHREAD \ LIBTHR \ + LOADER_GELI \ LOCALES \ LOCATE \ LPR \ diff --git a/sys/boot/defs.mk b/sys/boot/defs.mk index 75c354c6254..b08ffa7c9b2 100644 --- a/sys/boot/defs.mk +++ b/sys/boot/defs.mk @@ -85,10 +85,26 @@ CFLAGS+= -DLOADER_GPT_SUPPORT .if ${LOADER_MBR_SUPPORT:Uyes} == "yes" CFLAGS+= -DLOADER_MBR_SUPPORT .endif -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -CFLAGS+= -DLOADER_GELI_SUPPORT + +# GELI Support, with backward compat hooks +.if defined(HAVE_GELI) +.if defined(LOADER_NO_GELI_SUPPORT) +MK_LOADER_GELI=no +.warning "Please move from LOADER_NO_GELI_SUPPORT to WITHOUT_LOADER_GELI" +.endif +.if defined(LOADER_GELI_SUPPORT) +MK_LOADER_GELI=yes +.warning "Please move from LOADER_GELI_SUPPORT to WITH_LOADER_GELI" +.endif +.if ${MK_LOADER_GELI} == "yes" +CFLAGS+= -DLOADER_GELI_SUPPORT +CFLAGS+= -I${BOOTSRC}/geli +LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a .endif .endif +.endif + +CFLAGS+= -I${SYSDIR} # All PowerPC builds are 32 bit. We have no 64-bit loaders on powerpc # or powerpc64. diff --git a/sys/boot/geli/Makefile b/sys/boot/geli/Makefile index b16f7a8c5ab..89d6a9f956e 100644 --- a/sys/boot/geli/Makefile +++ b/sys/boot/geli/Makefile @@ -49,5 +49,9 @@ SRCS+= rijndael-alg-fst.c rijndael-api-fst.c rijndael-api.c CFLAGS+= -D_STAND SRCS+= geliboot_crypto.c g_eli_hmac.c g_eli_key.c g_eli_key_cache.c pkcs5v2.c +# aes +.PATH: ${SYSDIR}/opencrypto +SRCS+= xform_aes_xts.c + .include .include diff --git a/sys/boot/i386/gptboot/Makefile b/sys/boot/i386/gptboot/Makefile index 9d3048a89c5..efe45cb6dbd 100644 --- a/sys/boot/i386/gptboot/Makefile +++ b/sys/boot/i386/gptboot/Makefile @@ -1,5 +1,7 @@ # $FreeBSD$ +HAVE_GELI= yes + .include .PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/common ${SASRC} @@ -41,14 +43,6 @@ CFLAGS+=-DBOOTPROG=\"gptboot\" \ CFLAGS.gcc+= --param max-inline-insns-single=100 -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -CFLAGS+= -DLOADER_GELI_SUPPORT -CFLAGS+= -I${BOOTSRC}/geli -LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a -.PATH: ${SYSDIR}/opencrypto -OPENCRYPTO_XTS= xform_aes_xts.o -.endif - LD_FLAGS+=${LD_FLAGS_BIN} CLEANFILES= gptboot @@ -66,12 +60,12 @@ gptldr.out: gptldr.o ${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} gptldr.o CLEANFILES+= gptboot.bin gptboot.out gptboot.o sio.o crc32.o drv.o \ - cons.o util.o ${OPENCRYPTO_XTS} + cons.o ${OPENCRYPTO_XTS} gptboot.bin: gptboot.out ${OBJCOPY} -S -O binary gptboot.out ${.TARGET} -gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o util.o ${OPENCRYPTO_XTS} +gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o ${OPENCRYPTO_XTS} ${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBGELIBOOT} ${LIBSA32} gptboot.o: ${SASRC}/ufsread.c diff --git a/sys/boot/i386/gptzfsboot/Makefile b/sys/boot/i386/gptzfsboot/Makefile index b9df313dd29..d2751c217e7 100644 --- a/sys/boot/i386/gptzfsboot/Makefile +++ b/sys/boot/i386/gptzfsboot/Makefile @@ -1,5 +1,7 @@ # $FreeBSD$ +HAVE_GPT= yes + .include .PATH: ${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/gptboot \ @@ -50,14 +52,6 @@ LIBZFSBOOT=${BOOTOBJ}/zfs32/libzfsboot.a LIBZFSBOOT=${BOOTOBJ}/zfs/libzfsboot.a .endif -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -CFLAGS+= -DLOADER_GELI_SUPPORT -CFLAGS+= -I${BOOTSRC}/geli -LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a -.PATH: ${SYSDIR}/opencrypto -OPENCRYPTO_XTS= xform_aes_xts.o -.endif - CFLAGS.gcc+= --param max-inline-insns-single=100 LD_FLAGS+=${LD_FLAGS_BIN} diff --git a/sys/boot/i386/libi386/Makefile b/sys/boot/i386/libi386/Makefile index 20ce255fd50..43d191dec19 100644 --- a/sys/boot/i386/libi386/Makefile +++ b/sys/boot/i386/libi386/Makefile @@ -1,5 +1,8 @@ # $FreeBSD$ +HAVE_GPT= yes +HAVE_GELI= yes + .include LIB= i386 @@ -25,12 +28,6 @@ CFLAGS+= -DCOMSPEED=${BOOT_COMCONSOLE_SPEED} CFLAGS+= -DDISK_DEBUG .endif -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -# Decrypt encrypted drives -CFLAGS+= -DLOADER_GELI_SUPPORT -CFLAGS+= -I${BOOTSRC}/geli -.endif - .if !defined(BOOT_HIDE_SERIAL_NUMBERS) # Export serial numbers, UUID, and asset tag from loader. CFLAGS+= -DSMBIOS_SERIAL_NUMBERS diff --git a/sys/boot/i386/loader/Makefile b/sys/boot/i386/loader/Makefile index e9d8f897a16..a79b4fbdbcc 100644 --- a/sys/boot/i386/loader/Makefile +++ b/sys/boot/i386/loader/Makefile @@ -1,5 +1,7 @@ # $FreeBSD$ +HAVE_GELI= yes + LOADER_NET_SUPPORT?= yes LOADER_NFS_SUPPORT?= yes LOADER_TFTP_SUPPORT?= yes @@ -38,15 +40,6 @@ CFLAGS+= -DLOADER_FIREWIRE_SUPPORT LIBFIREWIRE= ${BOOTOBJ}/i386/libfirewire/libfirewire.a .endif -.if ${LOADER_GELI_SUPPORT:Uyes} == "yes" -CFLAGS+= -DLOADER_GELI_SUPPORT -CFLAGS+= -I${BOOTSRC}/geli -LIBGELIBOOT= ${BOOTOBJ}/geli/libgeliboot.a -.PATH: ${SYSDIR}/opencrypto -SRCS+= xform_aes_xts.c -CFLAGS+= -I${SYSDIR} -D_STAND -.endif - # Always add MI sources .include "${BOOTSRC}/loader.mk" CFLAGS+= -I. diff --git a/sys/boot/i386/zfsboot/Makefile b/sys/boot/i386/zfsboot/Makefile index a83bfa96059..81ab6f39a3d 100644 --- a/sys/boot/i386/zfsboot/Makefile +++ b/sys/boot/i386/zfsboot/Makefile @@ -1,6 +1,6 @@ # $FreeBSD$ -LOADER_GELI_SUPPORT=no +HAVE_GELI=yes .include @@ -60,7 +60,7 @@ zfsldr.out: zfsldr.o ${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} zfsldr.o CLEANFILES+= zfsboot2 zfsboot.ld zfsboot.ldr zfsboot.bin zfsboot.out \ - zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o util.o + zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o # We currently allow 128k bytes for zfsboot - in practice it could be # any size up to 3.5Mb but keeping it fixed size simplifies zfsldr. @@ -82,8 +82,8 @@ zfsboot.ldr: zfsboot.bin: zfsboot.out ${OBJCOPY} -S -O binary zfsboot.out ${.TARGET} -zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o util.o - ${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBSA32} +zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o + ${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBGELIBOOT} ${LIBSA32} SRCS= zfsboot.c diff --git a/sys/boot/i386/zfsloader/Makefile b/sys/boot/i386/zfsloader/Makefile index 67aa8e94387..6111e47f12f 100644 --- a/sys/boot/i386/zfsloader/Makefile +++ b/sys/boot/i386/zfsloader/Makefile @@ -5,6 +5,5 @@ NEWVERSWHAT= "ZFS enabled bootstrap loader" x86 LOADER_ONLY= yes HAVE_ZFS= yes -.include -.include "${BOOTSRC}/i386/loader/Makefile" +.include "${.CURDIR}/../loader/Makefile" diff --git a/sys/boot/sparc64/loader/Makefile b/sys/boot/sparc64/loader/Makefile index 7eb0b342010..f7fb0300d41 100644 --- a/sys/boot/sparc64/loader/Makefile +++ b/sys/boot/sparc64/loader/Makefile @@ -22,6 +22,7 @@ VERSION_FILE= ${.CURDIR}/../loader/version INSTALLFLAGS= -b # Architecture-specific loader code +.PATH: ${BOOTSRC}/sparc64/loader SRCS= locore.S main.c metadata.c vers.c .if ${LOADER_DEBUG} == "yes" diff --git a/sys/boot/sparc64/zfsloader/Makefile b/sys/boot/sparc64/zfsloader/Makefile index a5d433ce401..b4c554b5cb1 100644 --- a/sys/boot/sparc64/zfsloader/Makefile +++ b/sys/boot/sparc64/zfsloader/Makefile @@ -1,7 +1,5 @@ # $FreeBSD$ -.PATH: ${.CURDIR}/../loader - PROG= zfsloader NEWVERSWHAT= "ZFS enabled bootstrap loader" sparc64 HAVE_ZFS= yes diff --git a/tools/boot/universe.sh b/tools/boot/universe.sh index 2f367c1c2bd..3b607b4c4a1 100755 --- a/tools/boot/universe.sh +++ b/tools/boot/universe.sh @@ -63,7 +63,7 @@ for i in \ sparc64/sparc64 \ ; do ta=${i##*/} - dobuild $ta _.boot.${ta}.noZFS.log "MK_ZFS=no" + dobuild $ta _.boot.${ta}.no_zfs.log "MK_ZFS=no" done # Build with firewire @@ -74,3 +74,12 @@ for i in \ ta=${i##*/} dobuild $ta _.boot.${ta}.firewire.log "MK_LOADER_FIREWIRE=yes" done + +# Build without GELI +for i in \ + amd64/amd64 \ + i386/i386 \ + ; do + ta=${i##*/} + dobuild $ta _.boot.${ta}.no_geli.log "MK_LOADER_GELI=no" +done diff --git a/tools/build/options/WITHOUT_LOADER_GEIL b/tools/build/options/WITHOUT_LOADER_GEIL new file mode 100644 index 00000000000..114bea6bfe0 --- /dev/null +++ b/tools/build/options/WITHOUT_LOADER_GEIL @@ -0,0 +1,2 @@ +.\" $FreeBSD$ +Disable inclusion of GELI crypto support in the boot chain binaries.