Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Ian Lepore]

On Fri, 2018-08-03 at 22:20 +0100, Warner Losh wrote:
> On Fri, Aug 3, 2018, 10:17 PM Tommi Pernila 
> wrote:
> 
> > 
> > 
> > 
> > On Fri, 3 Aug 2018 at 20.17, Warner Losh  wrote:
> > 
> > > 
[...]
> > Thank you all for your work on this!
> > 
> > *starts updating CURRENT install*
> > 
> Let us know of there is a problem...

And don't forget to do the often-skipped "mergemaster -p" step of the
updating before doing the installworld, to add the new ntpd user. :)

-- Ian
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Warner Losh]

On Fri, Aug 3, 2018, 10:17 PM Tommi Pernila  wrote:

>
>
> On Fri, 3 Aug 2018 at 20.17, Warner Losh  wrote:
>
>> On Fri, Aug 3, 2018, 5:58 PM Ian Lepore  wrote:
>>
>> > On Fri, 2018-08-03 at 19:54 +0300, Tommi Pernila wrote:
>> > > On Tue, 10 Jul 2018 at 1.05, Warner Losh  wrote:
>> > >
>> > > >
>> > > > I have this in my tree already...
>> > > >
>> > > > Warner
>> > > >
>> > > > On Mon, Jul 9, 2018, 10:28 AM Allan Jude 
>> > > > wrote:
>> > > >
>> > > > >
>> > > > > I will look at updating the rootgen.sh script this evening, to
>> > > > > support
>> > > > > creating more flexible ESP partitions, so we can drop the
>> > > > > loader.efi
>> > > > > into an msdosfs directly.
>> > > > >
>> > > > > On 07/08/2018 15:31, Ian Lepore wrote:
>> > > > > >
>> > > > > > On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
>> > > > > > >
>> > > > > > > Hi!
>> > > > > > >
>> > > > > > > Have you or Warner any update on this code?
>> > > > > > >
>> > > > > > > On Thursday, April 12, 2018, Eric McCorkle > > > > > > > net>
>> > > > > > > wrote:
>> > > > > > >
>> > > > > > Are you aware of https://reviews.freebsd.org/D15743 ?
>> > > > > >
>> > > > > > That's my changes to add geli support to loader(8) in an
>> > > > > > architecture-
>> > > > > > agnostic way, so that "it just works" for all platforms and
>> > > > > > flavors of
>> > > > > > loader. It has been succesfully tested on armv6/7 (ubldr) and
>> > > > > > on x86
>> > > > > > using qemu.  The x86 tests cover ufs and zfs, legacy bios and
>> > > > > > uefi. The
>> > > > > > only variations that aren't tested yet are the uefi flavors,
>> > > > > > because
>> > > > > > the current rootgen.sh script for assembling test images is
>> > > > > > still using
>> > > > > > boot1.efi and I don't know enough about efi myself to update
>> > > > > > the script
>> > > > > > to make it assemble images the new way Warner envisions.
>> > > > > >
>> > > > > > -- Ian
>> > > > > >
>> > > > > > >
>> > > > > > > >
>> > > > > > > >
>> > > > > > > > I'm in the middle of moving to a new apartment right
>> > > > > > > > now.  It's
>> > > > > > > > going to
>> > > > > > > > be a bit before I can get to this.
>> > > > > > > >
>> > > > > > > > On 04/11/2018 20:31, Warner Losh wrote:
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > > OK. I've pushed in the main part of it. The additional
>> > > > > > > > > work I
>> > > > > > > > > have
>> > > > > > > > > shouldn't affect any of this stuff.  I was going to look
>> > > > > > > > > at what
>> > > > > > > > > part(s)
>> > > > > > > > > of your open reviewed needed to be redone tomorrow and
>> > > > > > > > > send you
>> > > > > > > > > feedback, but if you wanted to get a start before then,
>> > > > > > > > > I'm happy
>> > > > > > > > > to
>> > > > > > > > > answer questions. All the rest of my work is going to be
>> > > > > > > > > selecting the
>> > > > > > > > > root partition when we're told to us a specific
>> > > > > > > > > partition, so
>> > > > > > > > > will be
>> > > > > > > > > very constrained.
>> > > > > > > > >
>> > > > > > > > > Warner
>> > > > > > > > >
>> > > > > > > > > On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle > > > > > > > > > icspace.
>> > > > > > > > > net
>> > > > > > > > > > wrote:
>> > > > > > > > >
>> > > > > > > > >  I think the thing to do at this point is to wait for
>> > > > > > > > > the
>> > > > > > > > > current
>> > > > > > > > work on
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >  loader.efi to land, then adapt my patches to apply
>> > > > > > > > > against
>> > > > > > > > > that work.
>> > > > > > > > >
>> > > > > > > > >  On 04/11/2018 15:06, Warner Losh wrote:
>> > > > > > > > >  > Still reviewing the code. I'm worried it's too
>> > > > > > > > > i386
>> > > > > > > > > specific and it
>> > > > > > > > >  > conflicts with some work I'm doing. I'll have a
>> > > > > > > > > list of
>> > > > > > > > > actionable
>> > > > > > > > >  > critiques this week.
>> > > > > > > > >  >
>> > > > > > > > >  > Warner
>> > > > > > > > >  >
>> > > > > > > > >  > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
>> > > > > > > > >  > > > > > > > > > >  
>> > > > > > > > >  > > > > > > > > >  >>
>> > > > > > > > >  > wrote:
>> > > > > > > > >  >
>> > > > > > > > >  > Hi!
>> > > > > > > > >  >
>> > > > > > > > >  > Is there any update regarding the rebase or
>> > > > > > > > > the
>> > > > > > > > > inclusion to
>> > > > > > > > base
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >  > system?
>> > > > > > > > >  > On 3/28/18, Eric McCorkle > > > > > > > > > t
>> > > > > > > > > > > > > > > > > e...@metricspace.net>
>> > > > > > > > >
>> > > > > > > > >
>> > > > > > > > >  > > > > > > > > > > icspace.n
>> 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Tommi Pernila]

On Fri, 3 Aug 2018 at 20.17, Warner Losh  wrote:

> On Fri, Aug 3, 2018, 5:58 PM Ian Lepore  wrote:
>
> > On Fri, 2018-08-03 at 19:54 +0300, Tommi Pernila wrote:
> > > On Tue, 10 Jul 2018 at 1.05, Warner Losh  wrote:
> > >
> > > >
> > > > I have this in my tree already...
> > > >
> > > > Warner
> > > >
> > > > On Mon, Jul 9, 2018, 10:28 AM Allan Jude 
> > > > wrote:
> > > >
> > > > >
> > > > > I will look at updating the rootgen.sh script this evening, to
> > > > > support
> > > > > creating more flexible ESP partitions, so we can drop the
> > > > > loader.efi
> > > > > into an msdosfs directly.
> > > > >
> > > > > On 07/08/2018 15:31, Ian Lepore wrote:
> > > > > >
> > > > > > On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
> > > > > > >
> > > > > > > Hi!
> > > > > > >
> > > > > > > Have you or Warner any update on this code?
> > > > > > >
> > > > > > > On Thursday, April 12, 2018, Eric McCorkle  > > > > > > net>
> > > > > > > wrote:
> > > > > > >
> > > > > > Are you aware of https://reviews.freebsd.org/D15743 ?
> > > > > >
> > > > > > That's my changes to add geli support to loader(8) in an
> > > > > > architecture-
> > > > > > agnostic way, so that "it just works" for all platforms and
> > > > > > flavors of
> > > > > > loader. It has been succesfully tested on armv6/7 (ubldr) and
> > > > > > on x86
> > > > > > using qemu.  The x86 tests cover ufs and zfs, legacy bios and
> > > > > > uefi. The
> > > > > > only variations that aren't tested yet are the uefi flavors,
> > > > > > because
> > > > > > the current rootgen.sh script for assembling test images is
> > > > > > still using
> > > > > > boot1.efi and I don't know enough about efi myself to update
> > > > > > the script
> > > > > > to make it assemble images the new way Warner envisions.
> > > > > >
> > > > > > -- Ian
> > > > > >
> > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > I'm in the middle of moving to a new apartment right
> > > > > > > > now.  It's
> > > > > > > > going to
> > > > > > > > be a bit before I can get to this.
> > > > > > > >
> > > > > > > > On 04/11/2018 20:31, Warner Losh wrote:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > OK. I've pushed in the main part of it. The additional
> > > > > > > > > work I
> > > > > > > > > have
> > > > > > > > > shouldn't affect any of this stuff.  I was going to look
> > > > > > > > > at what
> > > > > > > > > part(s)
> > > > > > > > > of your open reviewed needed to be redone tomorrow and
> > > > > > > > > send you
> > > > > > > > > feedback, but if you wanted to get a start before then,
> > > > > > > > > I'm happy
> > > > > > > > > to
> > > > > > > > > answer questions. All the rest of my work is going to be
> > > > > > > > > selecting the
> > > > > > > > > root partition when we're told to us a specific
> > > > > > > > > partition, so
> > > > > > > > > will be
> > > > > > > > > very constrained.
> > > > > > > > >
> > > > > > > > > Warner
> > > > > > > > >
> > > > > > > > > On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle  > > > > > > > > icspace.
> > > > > > > > > net
> > > > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > >  I think the thing to do at this point is to wait for
> > > > > > > > > the
> > > > > > > > > current
> > > > > > > > work on
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >  loader.efi to land, then adapt my patches to apply
> > > > > > > > > against
> > > > > > > > > that work.
> > > > > > > > >
> > > > > > > > >  On 04/11/2018 15:06, Warner Losh wrote:
> > > > > > > > >  > Still reviewing the code. I'm worried it's too
> > > > > > > > > i386
> > > > > > > > > specific and it
> > > > > > > > >  > conflicts with some work I'm doing. I'll have a
> > > > > > > > > list of
> > > > > > > > > actionable
> > > > > > > > >  > critiques this week.
> > > > > > > > >  >
> > > > > > > > >  > Warner
> > > > > > > > >  >
> > > > > > > > >  > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
> > > > > > > > >  >  > > > > > > > >  
> > > > > > > > >   > > > > > > > >  >>
> > > > > > > > >  > wrote:
> > > > > > > > >  >
> > > > > > > > >  > Hi!
> > > > > > > > >  >
> > > > > > > > >  > Is there any update regarding the rebase or
> > > > > > > > > the
> > > > > > > > > inclusion to
> > > > > > > > base
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >  > system?
> > > > > > > > >  > On 3/28/18, Eric McCorkle  > > > > > > > > t
> > > > > > > > >  > > > > > > > e...@metricspace.net>
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >  >  > > > > > > > > icspace.n
> > > > > > > > > et>>>
> > > > > > > > wrote:
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >  > > I'll do another rebase from head just to be
> > > > > > > > > sure
> > > > > > > > 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Ian Lepore]

On Fri, 2018-08-03 at 19:54 +0300, Tommi Pernila wrote:
> On Tue, 10 Jul 2018 at 1.05, Warner Losh  wrote:
> 
> > 
> > I have this in my tree already...
> > 
> > Warner
> > 
> > On Mon, Jul 9, 2018, 10:28 AM Allan Jude 
> > wrote:
> > 
> > > 
> > > I will look at updating the rootgen.sh script this evening, to
> > > support
> > > creating more flexible ESP partitions, so we can drop the
> > > loader.efi
> > > into an msdosfs directly.
> > > 
> > > On 07/08/2018 15:31, Ian Lepore wrote:
> > > > 
> > > > On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
> > > > > 
> > > > > Hi!
> > > > > 
> > > > > Have you or Warner any update on this code?
> > > > > 
> > > > > On Thursday, April 12, 2018, Eric McCorkle  > > > > net>
> > > > > wrote:
> > > > > 
> > > > Are you aware of https://reviews.freebsd.org/D15743 ?
> > > > 
> > > > That's my changes to add geli support to loader(8) in an
> > > > architecture-
> > > > agnostic way, so that "it just works" for all platforms and
> > > > flavors of
> > > > loader. It has been succesfully tested on armv6/7 (ubldr) and
> > > > on x86
> > > > using qemu.  The x86 tests cover ufs and zfs, legacy bios and
> > > > uefi. The
> > > > only variations that aren't tested yet are the uefi flavors,
> > > > because
> > > > the current rootgen.sh script for assembling test images is
> > > > still using
> > > > boot1.efi and I don't know enough about efi myself to update
> > > > the script
> > > > to make it assemble images the new way Warner envisions.
> > > > 
> > > > -- Ian
> > > > 
> > > > > 
> > > > > > 
> > > > > > 
> > > > > > I'm in the middle of moving to a new apartment right
> > > > > > now.  It's
> > > > > > going to
> > > > > > be a bit before I can get to this.
> > > > > > 
> > > > > > On 04/11/2018 20:31, Warner Losh wrote:
> > > > > > > 
> > > > > > > 
> > > > > > > OK. I've pushed in the main part of it. The additional
> > > > > > > work I
> > > > > > > have
> > > > > > > shouldn't affect any of this stuff.  I was going to look
> > > > > > > at what
> > > > > > > part(s)
> > > > > > > of your open reviewed needed to be redone tomorrow and
> > > > > > > send you
> > > > > > > feedback, but if you wanted to get a start before then,
> > > > > > > I'm happy
> > > > > > > to
> > > > > > > answer questions. All the rest of my work is going to be
> > > > > > > selecting the
> > > > > > > root partition when we're told to us a specific
> > > > > > > partition, so
> > > > > > > will be
> > > > > > > very constrained.
> > > > > > > 
> > > > > > > Warner
> > > > > > > 
> > > > > > > On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle  > > > > > > icspace.
> > > > > > > net
> > > > > > > > wrote:
> > > > > > > 
> > > > > > >  I think the thing to do at this point is to wait for
> > > > > > > the
> > > > > > > current
> > > > > > work on
> > > > > > > 
> > > > > > > 
> > > > > > >  loader.efi to land, then adapt my patches to apply
> > > > > > > against
> > > > > > > that work.
> > > > > > > 
> > > > > > >  On 04/11/2018 15:06, Warner Losh wrote:
> > > > > > >  > Still reviewing the code. I'm worried it's too
> > > > > > > i386
> > > > > > > specific and it
> > > > > > >  > conflicts with some work I'm doing. I'll have a
> > > > > > > list of
> > > > > > > actionable
> > > > > > >  > critiques this week.
> > > > > > >  >
> > > > > > >  > Warner
> > > > > > >  >
> > > > > > >  > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
> > > > > > >  >  > > > > > >  
> > > > > > >   > > > > > >  >>
> > > > > > >  > wrote:
> > > > > > >  >
> > > > > > >  > Hi!
> > > > > > >  >
> > > > > > >  > Is there any update regarding the rebase or
> > > > > > > the
> > > > > > > inclusion to
> > > > > > base
> > > > > > > 
> > > > > > > 
> > > > > > >  > system?
> > > > > > >  > On 3/28/18, Eric McCorkle  > > > > > > t
> > > > > > >  > > > > > e...@metricspace.net>
> > > > > > > 
> > > > > > > 
> > > > > > >  >  > > > > > > icspace.n
> > > > > > > et>>>
> > > > > > wrote:
> > > > > > > 
> > > > > > > 
> > > > > > >  > > I'll do another rebase from head just to be
> > > > > > > sure
> > > > > > >  > >
> > > > > > >  > > On March 28, 2018 3:23:23 PM EDT, Warner
> > > > > > > Losh <
> > > > > > i...@bsdimp.com 
> > > > > > > 
> > > > > > > 
> > > > > > >  > 
> > > > > > > >> wrote:
> > > > > > >  > >>It's on my list for nexr, finally. I have an
> > > > > > > alternate patch
> > > > > > for
> > > > > > > 
> > > > > > > 
> > > > > > >  > >>loader.efi
> > > > > > >  > >>from ESP, but i don't think it will affect
> > > > > > > the GELI
> > > > > > > stuff. I
> > > > > > have some
> > > > > > 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Warner Losh]

On Fri, Aug 3, 2018, 5:58 PM Ian Lepore  wrote:

> On Fri, 2018-08-03 at 19:54 +0300, Tommi Pernila wrote:
> > On Tue, 10 Jul 2018 at 1.05, Warner Losh  wrote:
> >
> > >
> > > I have this in my tree already...
> > >
> > > Warner
> > >
> > > On Mon, Jul 9, 2018, 10:28 AM Allan Jude 
> > > wrote:
> > >
> > > >
> > > > I will look at updating the rootgen.sh script this evening, to
> > > > support
> > > > creating more flexible ESP partitions, so we can drop the
> > > > loader.efi
> > > > into an msdosfs directly.
> > > >
> > > > On 07/08/2018 15:31, Ian Lepore wrote:
> > > > >
> > > > > On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
> > > > > >
> > > > > > Hi!
> > > > > >
> > > > > > Have you or Warner any update on this code?
> > > > > >
> > > > > > On Thursday, April 12, 2018, Eric McCorkle  > > > > > net>
> > > > > > wrote:
> > > > > >
> > > > > Are you aware of https://reviews.freebsd.org/D15743 ?
> > > > >
> > > > > That's my changes to add geli support to loader(8) in an
> > > > > architecture-
> > > > > agnostic way, so that "it just works" for all platforms and
> > > > > flavors of
> > > > > loader. It has been succesfully tested on armv6/7 (ubldr) and
> > > > > on x86
> > > > > using qemu.  The x86 tests cover ufs and zfs, legacy bios and
> > > > > uefi. The
> > > > > only variations that aren't tested yet are the uefi flavors,
> > > > > because
> > > > > the current rootgen.sh script for assembling test images is
> > > > > still using
> > > > > boot1.efi and I don't know enough about efi myself to update
> > > > > the script
> > > > > to make it assemble images the new way Warner envisions.
> > > > >
> > > > > -- Ian
> > > > >
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > > I'm in the middle of moving to a new apartment right
> > > > > > > now.  It's
> > > > > > > going to
> > > > > > > be a bit before I can get to this.
> > > > > > >
> > > > > > > On 04/11/2018 20:31, Warner Losh wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > > OK. I've pushed in the main part of it. The additional
> > > > > > > > work I
> > > > > > > > have
> > > > > > > > shouldn't affect any of this stuff.  I was going to look
> > > > > > > > at what
> > > > > > > > part(s)
> > > > > > > > of your open reviewed needed to be redone tomorrow and
> > > > > > > > send you
> > > > > > > > feedback, but if you wanted to get a start before then,
> > > > > > > > I'm happy
> > > > > > > > to
> > > > > > > > answer questions. All the rest of my work is going to be
> > > > > > > > selecting the
> > > > > > > > root partition when we're told to us a specific
> > > > > > > > partition, so
> > > > > > > > will be
> > > > > > > > very constrained.
> > > > > > > >
> > > > > > > > Warner
> > > > > > > >
> > > > > > > > On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle  > > > > > > > icspace.
> > > > > > > > net
> > > > > > > > > wrote:
> > > > > > > >
> > > > > > > >  I think the thing to do at this point is to wait for
> > > > > > > > the
> > > > > > > > current
> > > > > > > work on
> > > > > > > >
> > > > > > > >
> > > > > > > >  loader.efi to land, then adapt my patches to apply
> > > > > > > > against
> > > > > > > > that work.
> > > > > > > >
> > > > > > > >  On 04/11/2018 15:06, Warner Losh wrote:
> > > > > > > >  > Still reviewing the code. I'm worried it's too
> > > > > > > > i386
> > > > > > > > specific and it
> > > > > > > >  > conflicts with some work I'm doing. I'll have a
> > > > > > > > list of
> > > > > > > > actionable
> > > > > > > >  > critiques this week.
> > > > > > > >  >
> > > > > > > >  > Warner
> > > > > > > >  >
> > > > > > > >  > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
> > > > > > > >  >  > > > > > > >  
> > > > > > > >   > > > > > > >  >>
> > > > > > > >  > wrote:
> > > > > > > >  >
> > > > > > > >  > Hi!
> > > > > > > >  >
> > > > > > > >  > Is there any update regarding the rebase or
> > > > > > > > the
> > > > > > > > inclusion to
> > > > > > > base
> > > > > > > >
> > > > > > > >
> > > > > > > >  > system?
> > > > > > > >  > On 3/28/18, Eric McCorkle  > > > > > > > t
> > > > > > > >  > > > > > > e...@metricspace.net>
> > > > > > > >
> > > > > > > >
> > > > > > > >  >  > > > > > > > icspace.n
> > > > > > > > et>>>
> > > > > > > wrote:
> > > > > > > >
> > > > > > > >
> > > > > > > >  > > I'll do another rebase from head just to be
> > > > > > > > sure
> > > > > > > >  > >
> > > > > > > >  > > On March 28, 2018 3:23:23 PM EDT, Warner
> > > > > > > > Losh <
> > > > > > > i...@bsdimp.com 
> > > > > > > >
> > > > > > > >
> > > > > > > >  > 
> > > > > > > > >> wrote:
> > > > > > > >  > 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Tommi Pernila]

On Tue, 10 Jul 2018 at 1.05, Warner Losh  wrote:

> I have this in my tree already...
>
> Warner
>
> On Mon, Jul 9, 2018, 10:28 AM Allan Jude  wrote:
>
>> I will look at updating the rootgen.sh script this evening, to support
>> creating more flexible ESP partitions, so we can drop the loader.efi
>> into an msdosfs directly.
>>
>> On 07/08/2018 15:31, Ian Lepore wrote:
>> > On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
>> >> Hi!
>> >>
>> >> Have you or Warner any update on this code?
>> >>
>> >> On Thursday, April 12, 2018, Eric McCorkle 
>> >> wrote:
>> >>
>> >
>> > Are you aware of https://reviews.freebsd.org/D15743 ?
>> >
>> > That's my changes to add geli support to loader(8) in an architecture-
>> > agnostic way, so that "it just works" for all platforms and flavors of
>> > loader. It has been succesfully tested on armv6/7 (ubldr) and on x86
>> > using qemu.  The x86 tests cover ufs and zfs, legacy bios and uefi. The
>> > only variations that aren't tested yet are the uefi flavors, because
>> > the current rootgen.sh script for assembling test images is still using
>> > boot1.efi and I don't know enough about efi myself to update the script
>> > to make it assemble images the new way Warner envisions.
>> >
>> > -- Ian
>> >
>> >>>
>> >>> I'm in the middle of moving to a new apartment right now.  It's
>> >>> going to
>> >>> be a bit before I can get to this.
>> >>>
>> >>> On 04/11/2018 20:31, Warner Losh wrote:
>> 
>>  OK. I've pushed in the main part of it. The additional work I
>>  have
>>  shouldn't affect any of this stuff.  I was going to look at what
>>  part(s)
>>  of your open reviewed needed to be redone tomorrow and send you
>>  feedback, but if you wanted to get a start before then, I'm happy
>>  to
>>  answer questions. All the rest of my work is going to be
>>  selecting the
>>  root partition when we're told to us a specific partition, so
>>  will be
>>  very constrained.
>> 
>>  Warner
>> 
>>  On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle >  net
>>  > wrote:
>> 
>>   I think the thing to do at this point is to wait for the
>>  current
>> >>> work on
>> 
>>   loader.efi to land, then adapt my patches to apply against
>>  that work.
>> 
>>   On 04/11/2018 15:06, Warner Losh wrote:
>>   > Still reviewing the code. I'm worried it's too i386
>>  specific and it
>>   > conflicts with some work I'm doing. I'll have a list of
>>  actionable
>>   > critiques this week.
>>   >
>>   > Warner
>>   >
>>   > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
>>   > >   
>>   >   >>
>>   > wrote:
>>   >
>>   > Hi!
>>   >
>>   > Is there any update regarding the rebase or the
>>  inclusion to
>> >>> base
>> 
>>   > system?
>>   > On 3/28/18, Eric McCorkle >  > >>> e...@metricspace.net>
>> 
>>   > >  et>>>
>> >>> wrote:
>> 
>>   > > I'll do another rebase from head just to be sure
>>   > >
>>   > > On March 28, 2018 3:23:23 PM EDT, Warner Losh <
>> >>> i...@bsdimp.com 
>> 
>>   > >> wrote:
>>   > >>It's on my list for nexr, finally. I have an
>>  alternate patch
>> >>> for
>> 
>>   > >>loader.efi
>>   > >>from ESP, but i don't think it will affect the GELI
>>  stuff. I
>> >>> have some
>> 
>>   > >>time
>>   > >>slotted for integration issues though.
>>   > >>
>>   > >>I am quite mindful of the freeze dates I  have
>>  some uefi
>> >>> boot
>> 
>>   > >>loader
>>   > >>protocol changes that I need to get in.
>>   > >>
>>   > >>Warner
>>   > >>
>>   > >>On Feb 21, 2018 11:18 PM, "Tommi Pernila" <
>> >>> tommi.pern...@iki.fi 
>> 
>>   > >  fi>>>
>> >>> wrote:
>> 
>>   > >>
>>   > >>> Awesome, thanks for the update and the work that
>>  you have
>> >>> done!
>> 
>>   > >>>
>>   > >>> Now we just need some more reviewers eyes on the
>>  code :)
>>   > >>>
>>   > >>> Br,
>>   > >>>
>>   > >>> Tommi
>>   > >>>
>>   > >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle <
>> >>> e...@metricspace.net 
>> 
>>   > 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Warner Losh]

I have this in my tree already...

Warner

On Mon, Jul 9, 2018, 10:28 AM Allan Jude  wrote:

> I will look at updating the rootgen.sh script this evening, to support
> creating more flexible ESP partitions, so we can drop the loader.efi
> into an msdosfs directly.
>
> On 07/08/2018 15:31, Ian Lepore wrote:
> > On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
> >> Hi!
> >>
> >> Have you or Warner any update on this code?
> >>
> >> On Thursday, April 12, 2018, Eric McCorkle 
> >> wrote:
> >>
> >
> > Are you aware of https://reviews.freebsd.org/D15743 ?
> >
> > That's my changes to add geli support to loader(8) in an architecture-
> > agnostic way, so that "it just works" for all platforms and flavors of
> > loader. It has been succesfully tested on armv6/7 (ubldr) and on x86
> > using qemu.  The x86 tests cover ufs and zfs, legacy bios and uefi. The
> > only variations that aren't tested yet are the uefi flavors, because
> > the current rootgen.sh script for assembling test images is still using
> > boot1.efi and I don't know enough about efi myself to update the script
> > to make it assemble images the new way Warner envisions.
> >
> > -- Ian
> >
> >>>
> >>> I'm in the middle of moving to a new apartment right now.  It's
> >>> going to
> >>> be a bit before I can get to this.
> >>>
> >>> On 04/11/2018 20:31, Warner Losh wrote:
> 
>  OK. I've pushed in the main part of it. The additional work I
>  have
>  shouldn't affect any of this stuff.  I was going to look at what
>  part(s)
>  of your open reviewed needed to be redone tomorrow and send you
>  feedback, but if you wanted to get a start before then, I'm happy
>  to
>  answer questions. All the rest of my work is going to be
>  selecting the
>  root partition when we're told to us a specific partition, so
>  will be
>  very constrained.
> 
>  Warner
> 
>  On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle   net
>  > wrote:
> 
>   I think the thing to do at this point is to wait for the
>  current
> >>> work on
> 
>   loader.efi to land, then adapt my patches to apply against
>  that work.
> 
>   On 04/11/2018 15:06, Warner Losh wrote:
>   > Still reviewing the code. I'm worried it's too i386
>  specific and it
>   > conflicts with some work I'm doing. I'll have a list of
>  actionable
>   > critiques this week.
>   >
>   > Warner
>   >
>   > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
>   >    
>      >>
>   > wrote:
>   >
>   > Hi!
>   >
>   > Is there any update regarding the rebase or the
>  inclusion to
> >>> base
> 
>   > system?
>   > On 3/28/18, Eric McCorkle    >>> e...@metricspace.net>
> 
>   >   et>>>
> >>> wrote:
> 
>   > > I'll do another rebase from head just to be sure
>   > >
>   > > On March 28, 2018 3:23:23 PM EDT, Warner Losh <
> >>> i...@bsdimp.com 
> 
>   > >> wrote:
>   > >>It's on my list for nexr, finally. I have an
>  alternate patch
> >>> for
> 
>   > >>loader.efi
>   > >>from ESP, but i don't think it will affect the GELI
>  stuff. I
> >>> have some
> 
>   > >>time
>   > >>slotted for integration issues though.
>   > >>
>   > >>I am quite mindful of the freeze dates I  have
>  some uefi
> >>> boot
> 
>   > >>loader
>   > >>protocol changes that I need to get in.
>   > >>
>   > >>Warner
>   > >>
>   > >>On Feb 21, 2018 11:18 PM, "Tommi Pernila" <
> >>> tommi.pern...@iki.fi 
> 
>   >   fi>>>
> >>> wrote:
> 
>   > >>
>   > >>> Awesome, thanks for the update and the work that
>  you have
> >>> done!
> 
>   > >>>
>   > >>> Now we just need some more reviewers eyes on the
>  code :)
>   > >>>
>   > >>> Br,
>   > >>>
>   > >>> Tommi
>   > >>>
>   > >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle <
> >>> e...@metricspace.net 
> 
>   >   et>>>
>   > >>wrote:
>   > >>>
>   >  FYI, I just IFC'ed everything, and the current
>  

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Allan Jude]

I will look at updating the rootgen.sh script this evening, to support 
creating more flexible ESP partitions, so we can drop the loader.efi 
into an msdosfs directly.


On 07/08/2018 15:31, Ian Lepore wrote:

On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:

Hi!

Have you or Warner any update on this code?

On Thursday, April 12, 2018, Eric McCorkle 
wrote:



Are you aware of https://reviews.freebsd.org/D15743 ?

That's my changes to add geli support to loader(8) in an architecture-
agnostic way, so that "it just works" for all platforms and flavors of
loader. It has been succesfully tested on armv6/7 (ubldr) and on x86
using qemu.  The x86 tests cover ufs and zfs, legacy bios and uefi. The
only variations that aren't tested yet are the uefi flavors, because
the current rootgen.sh script for assembling test images is still using
boot1.efi and I don't know enough about efi myself to update the script
to make it assemble images the new way Warner envisions.

-- Ian



I'm in the middle of moving to a new apartment right now.  It's
going to
be a bit before I can get to this.

On 04/11/2018 20:31, Warner Losh wrote:


OK. I've pushed in the main part of it. The additional work I
have
shouldn't affect any of this stuff.  I was going to look at what
part(s)
of your open reviewed needed to be redone tomorrow and send you
feedback, but if you wanted to get a start before then, I'm happy
to
answer questions. All the rest of my work is going to be
selecting the
root partition when we're told to us a specific partition, so
will be
very constrained.

Warner

On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle mailto:e...@metricspace.net>> wrote:

 I think the thing to do at this point is to wait for the
current

work on


 loader.efi to land, then adapt my patches to apply against
that work.

 On 04/11/2018 15:06, Warner Losh wrote:
 > Still reviewing the code. I'm worried it's too i386
specific and it
 > conflicts with some work I'm doing. I'll have a list of
actionable
 > critiques this week.
 >
 > Warner
 >
 > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
 > mailto:oliver.pin...@hardenedbsd.org>
 >>
 > wrote:
 >
 > Hi!
 >
 > Is there any update regarding the rebase or the
inclusion to

base


 > system?
 > On 3/28/18, Eric McCorkle 
e...@metricspace.net>


 > >>

wrote:


 > > I'll do another rebase from head just to be sure
 > >
 > > On March 28, 2018 3:23:23 PM EDT, Warner Losh <

i...@bsdimp.com 


 > >> wrote:
 > >>It's on my list for nexr, finally. I have an
alternate patch

for


 > >>loader.efi
 > >>from ESP, but i don't think it will affect the GELI
stuff. I

have some


 > >>time
 > >>slotted for integration issues though.
 > >>
 > >>I am quite mindful of the freeze dates I  have
some uefi

boot


 > >>loader
 > >>protocol changes that I need to get in.
 > >>
 > >>Warner
 > >>
 > >>On Feb 21, 2018 11:18 PM, "Tommi Pernila" <

tommi.pern...@iki.fi 


 > >>

wrote:


 > >>
 > >>> Awesome, thanks for the update and the work that
you have

done!


 > >>>
 > >>> Now we just need some more reviewers eyes on the
code :)
 > >>>
 > >>> Br,
 > >>>
 > >>> Tommi
 > >>>
 > >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle <

e...@metricspace.net 


 > >>
 > >>wrote:
 > >>>
 >  FYI, I just IFC'ed everything, and the current
patches
 are still
 > >>fine.
 > 
 >  Also, the full GELI + standalone loader has been
deployed
 on one of
 > >>my
 >  laptops for some time now.
 > 
 >  On 02/21/2018 18:15, Eric McCorkle wrote:
 >  > The GELI work could be merged at this point,
though it
 won't be
 > >>usable
 >  > without an additional patch to enable loader-
only
 operation.  The
 >  > patches are currently up for review:
 >  >
 >  > This is the order in which they'd need to be
merged:
 >  >
 >  >
 >  > https://reviews.freebsd.org/D12732
 
 > >
 >  >
 >  > This one changes the efipart device.  Toomas
Soome
 identified
 > some
 > 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Eric McCorkle]

I intend to endorse this patch over my own once I'm able to test it out on my 
test images.

My approach is highly EFI-specific, and it made sense to do it that way when 
boot1.efi was still a thing. The architecture agnostic method makes more sense 
now that it's gone. 

On July 8, 2018 3:31:47 PM EDT, Ian Lepore  wrote:
>On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
>> Hi!
>> 
>> Have you or Warner any update on this code?
>> 
>> On Thursday, April 12, 2018, Eric McCorkle 
>> wrote:
>> 
>
>Are you aware of https://reviews.freebsd.org/D15743 ?
>
>That's my changes to add geli support to loader(8) in an architecture-
>agnostic way, so that "it just works" for all platforms and flavors of
>loader. It has been succesfully tested on armv6/7 (ubldr) and on x86
>using qemu.  The x86 tests cover ufs and zfs, legacy bios and uefi. The
>only variations that aren't tested yet are the uefi flavors, because
>the current rootgen.sh script for assembling test images is still using
>boot1.efi and I don't know enough about efi myself to update the script
>to make it assemble images the new way Warner envisions.
>
>-- Ian
>
>> > 
>> > I'm in the middle of moving to a new apartment right now.  It's
>> > going to
>> > be a bit before I can get to this.
>> > 
>> > On 04/11/2018 20:31, Warner Losh wrote:
>> > > 
>> > > OK. I've pushed in the main part of it. The additional work I
>> > > have
>> > > shouldn't affect any of this stuff.  I was going to look at what
>> > > part(s)
>> > > of your open reviewed needed to be redone tomorrow and send you
>> > > feedback, but if you wanted to get a start before then, I'm happy
>> > > to
>> > > answer questions. All the rest of my work is going to be
>> > > selecting the
>> > > root partition when we're told to us a specific partition, so
>> > > will be
>> > > very constrained.
>> > > 
>> > > Warner
>> > > 
>> > > On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle > > > net
>> > > > wrote:
>> > > 
>> > > I think the thing to do at this point is to wait for the
>> > > current
>> > work on
>> > > 
>> > > loader.efi to land, then adapt my patches to apply against
>> > > that work.
>> > > 
>> > > On 04/11/2018 15:06, Warner Losh wrote:
>> > > > Still reviewing the code. I'm worried it's too i386
>> > > specific and it
>> > > > conflicts with some work I'm doing. I'll have a list of
>> > > actionable
>> > > > critiques this week.
>> > > >
>> > > > Warner
>> > > >
>> > > > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
>> > > > > > > 
>> > > > > > >>
>> > > > wrote:
>> > > >
>> > > > Hi!
>> > > >
>> > > > Is there any update regarding the rebase or the
>> > > inclusion to
>> > base
>> > > 
>> > > > system?
>> > > > On 3/28/18, Eric McCorkle > > > > > e...@metricspace.net>
>> > > 
>> > > > > > > et>>>
>> > wrote:
>> > > 
>> > > > > I'll do another rebase from head just to be sure
>> > > > >
>> > > > > On March 28, 2018 3:23:23 PM EDT, Warner Losh <
>> > i...@bsdimp.com 
>> > > 
>> > > > >> wrote:
>> > > > >>It's on my list for nexr, finally. I have an
>> > > alternate patch
>> > for
>> > > 
>> > > > >>loader.efi
>> > > > >>from ESP, but i don't think it will affect the GELI
>> > > stuff. I
>> > have some
>> > > 
>> > > > >>time
>> > > > >>slotted for integration issues though.
>> > > > >>
>> > > > >>I am quite mindful of the freeze dates I  have
>> > > some uefi
>> > boot
>> > > 
>> > > > >>loader
>> > > > >>protocol changes that I need to get in.
>> > > > >>
>> > > > >>Warner
>> > > > >>
>> > > > >>On Feb 21, 2018 11:18 PM, "Tommi Pernila" <
>> > tommi.pern...@iki.fi 
>> > > 
>> > > > > > > fi>>>
>> > wrote:
>> > > 
>> > > > >>
>> > > > >>> Awesome, thanks for the update and the work that
>> > > you have
>> > done!
>> > > 
>> > > > >>>
>> > > > >>> Now we just need some more reviewers eyes on the
>> > > code :)
>> > > > >>>
>> > > > >>> Br,
>> > > > >>>
>> > > > >>> Tommi
>> > > > >>>
>> > > > >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle <
>> > e...@metricspace.net 
>> > > 
>> > > > > > > et>>>
>> > > > >>wrote:
>> > > > >>>
>> > > >  FYI, I just IFC'ed everything, and the current
>> > > patches
>> > > are still
>> > > > >>fine.
>> > > > 
>> > > > 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Oliver Pinter]

On Sunday, July 8, 2018, Ian Lepore  wrote:

> On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
> > Hi!
> >
> > Have you or Warner any update on this code?
> >
> > On Thursday, April 12, 2018, Eric McCorkle 
> > wrote:
> >
>
> Are you aware of https://reviews.freebsd.org/D15743 ?
>
> That's my changes to add geli support to loader(8) in an architecture-
> agnostic way, so that "it just works" for all platforms and flavors of
> loader. It has been succesfully tested on armv6/7 (ubldr) and on x86
> using qemu.  The x86 tests cover ufs and zfs, legacy bios and uefi. The
> only variations that aren't tested yet are the uefi flavors, because
> the current rootgen.sh script for assembling test images is still using
> boot1.efi and I don't know enough about efi myself to update the script
> to make it assemble images the new way Warner envisions.
>
>
Not yet, but thanks for the link!


> -- Ian
>
> > >
> > > I'm in the middle of moving to a new apartment right now.  It's
> > > going to
> > > be a bit before I can get to this.
> > >
> > > On 04/11/2018 20:31, Warner Losh wrote:
> > > >
> > > > OK. I've pushed in the main part of it. The additional work I
> > > > have
> > > > shouldn't affect any of this stuff.  I was going to look at what
> > > > part(s)
> > > > of your open reviewed needed to be redone tomorrow and send you
> > > > feedback, but if you wanted to get a start before then, I'm happy
> > > > to
> > > > answer questions. All the rest of my work is going to be
> > > > selecting the
> > > > root partition when we're told to us a specific partition, so
> > > > will be
> > > > very constrained.
> > > >
> > > > Warner
> > > >
> > > > On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle  > > > net
> > > > > wrote:
> > > >
> > > > I think the thing to do at this point is to wait for the
> > > > current
> > > work on
> > > >
> > > > loader.efi to land, then adapt my patches to apply against
> > > > that work.
> > > >
> > > > On 04/11/2018 15:06, Warner Losh wrote:
> > > > > Still reviewing the code. I'm worried it's too i386
> > > > specific and it
> > > > > conflicts with some work I'm doing. I'll have a list of
> > > > actionable
> > > > > critiques this week.
> > > > >
> > > > > Warner
> > > > >
> > > > > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
> > > > >  > > > 
> > > >  > > > >>
> > > > > wrote:
> > > > >
> > > > > Hi!
> > > > >
> > > > > Is there any update regarding the rebase or the
> > > > inclusion to
> > > base
> > > >
> > > > > system?
> > > > > On 3/28/18, Eric McCorkle  > > >  > > e...@metricspace.net>
> > > >
> > > > >  > > > et>>>
> > > wrote:
> > > >
> > > > > > I'll do another rebase from head just to be sure
> > > > > >
> > > > > > On March 28, 2018 3:23:23 PM EDT, Warner Losh <
> > > i...@bsdimp.com 
> > > >
> > > > > >> wrote:
> > > > > >>It's on my list for nexr, finally. I have an
> > > > alternate patch
> > > for
> > > >
> > > > > >>loader.efi
> > > > > >>from ESP, but i don't think it will affect the GELI
> > > > stuff. I
> > > have some
> > > >
> > > > > >>time
> > > > > >>slotted for integration issues though.
> > > > > >>
> > > > > >>I am quite mindful of the freeze dates I  have
> > > > some uefi
> > > boot
> > > >
> > > > > >>loader
> > > > > >>protocol changes that I need to get in.
> > > > > >>
> > > > > >>Warner
> > > > > >>
> > > > > >>On Feb 21, 2018 11:18 PM, "Tommi Pernila" <
> > > tommi.pern...@iki.fi 
> > > >
> > > > >  > > > fi>>>
> > > wrote:
> > > >
> > > > > >>
> > > > > >>> Awesome, thanks for the update and the work that
> > > > you have
> > > done!
> > > >
> > > > > >>>
> > > > > >>> Now we just need some more reviewers eyes on the
> > > > code :)
> > > > > >>>
> > > > > >>> Br,
> > > > > >>>
> > > > > >>> Tommi
> > > > > >>>
> > > > > >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle <
> > > e...@metricspace.net 
> > > >
> > > > >  > > > et>>>
> > > > > >>wrote:
> > > > > >>>
> > > > >  FYI, I just IFC'ed everything, and the current
> > > > patches
> > > > are still
> > > > > >>fine.
> > > > > 
> > > > >  Also, the full GELI + standalone loader has been
> > > > deployed
> > > > on one of
> > > > > >>my
> > > > 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Ian Lepore]

On Sun, 2018-07-08 at 21:08 +0200, Oliver Pinter wrote:
> Hi!
> 
> Have you or Warner any update on this code?
> 
> On Thursday, April 12, 2018, Eric McCorkle 
> wrote:
> 

Are you aware of https://reviews.freebsd.org/D15743 ?

That's my changes to add geli support to loader(8) in an architecture-
agnostic way, so that "it just works" for all platforms and flavors of
loader. It has been succesfully tested on armv6/7 (ubldr) and on x86
using qemu.  The x86 tests cover ufs and zfs, legacy bios and uefi. The
only variations that aren't tested yet are the uefi flavors, because
the current rootgen.sh script for assembling test images is still using
boot1.efi and I don't know enough about efi myself to update the script
to make it assemble images the new way Warner envisions.

-- Ian

> > 
> > I'm in the middle of moving to a new apartment right now.  It's
> > going to
> > be a bit before I can get to this.
> > 
> > On 04/11/2018 20:31, Warner Losh wrote:
> > > 
> > > OK. I've pushed in the main part of it. The additional work I
> > > have
> > > shouldn't affect any of this stuff.  I was going to look at what
> > > part(s)
> > > of your open reviewed needed to be redone tomorrow and send you
> > > feedback, but if you wanted to get a start before then, I'm happy
> > > to
> > > answer questions. All the rest of my work is going to be
> > > selecting the
> > > root partition when we're told to us a specific partition, so
> > > will be
> > > very constrained.
> > > 
> > > Warner
> > > 
> > > On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle  > > net
> > > > wrote:
> > > 
> > > I think the thing to do at this point is to wait for the
> > > current
> > work on
> > > 
> > > loader.efi to land, then adapt my patches to apply against
> > > that work.
> > > 
> > > On 04/11/2018 15:06, Warner Losh wrote:
> > > > Still reviewing the code. I'm worried it's too i386
> > > specific and it
> > > > conflicts with some work I'm doing. I'll have a list of
> > > actionable
> > > > critiques this week.
> > > >
> > > > Warner
> > > >
> > > > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
> > > >  > > 
> > >  > > >>
> > > > wrote:
> > > >
> > > > Hi!
> > > >
> > > > Is there any update regarding the rebase or the
> > > inclusion to
> > base
> > > 
> > > > system?
> > > > On 3/28/18, Eric McCorkle  > >  > e...@metricspace.net>
> > > 
> > > >  > > et>>>
> > wrote:
> > > 
> > > > > I'll do another rebase from head just to be sure
> > > > >
> > > > > On March 28, 2018 3:23:23 PM EDT, Warner Losh <
> > i...@bsdimp.com 
> > > 
> > > > >> wrote:
> > > > >>It's on my list for nexr, finally. I have an
> > > alternate patch
> > for
> > > 
> > > > >>loader.efi
> > > > >>from ESP, but i don't think it will affect the GELI
> > > stuff. I
> > have some
> > > 
> > > > >>time
> > > > >>slotted for integration issues though.
> > > > >>
> > > > >>I am quite mindful of the freeze dates I  have
> > > some uefi
> > boot
> > > 
> > > > >>loader
> > > > >>protocol changes that I need to get in.
> > > > >>
> > > > >>Warner
> > > > >>
> > > > >>On Feb 21, 2018 11:18 PM, "Tommi Pernila" <
> > tommi.pern...@iki.fi 
> > > 
> > > >  > > fi>>>
> > wrote:
> > > 
> > > > >>
> > > > >>> Awesome, thanks for the update and the work that
> > > you have
> > done!
> > > 
> > > > >>>
> > > > >>> Now we just need some more reviewers eyes on the
> > > code :)
> > > > >>>
> > > > >>> Br,
> > > > >>>
> > > > >>> Tommi
> > > > >>>
> > > > >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle <
> > e...@metricspace.net 
> > > 
> > > >  > > et>>>
> > > > >>wrote:
> > > > >>>
> > > >  FYI, I just IFC'ed everything, and the current
> > > patches
> > > are still
> > > > >>fine.
> > > > 
> > > >  Also, the full GELI + standalone loader has been
> > > deployed
> > > on one of
> > > > >>my
> > > >  laptops for some time now.
> > > > 
> > > >  On 02/21/2018 18:15, Eric McCorkle wrote:
> > > >  > The GELI work could be merged at this point,
> > > though it
> > > won't be
> > > > >>usable
> > > >  > without an additional patch to enable loader-
> > > only
> > > operation.  

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Oliver Pinter]

Hi!

Have you or Warner any update on this code?

On Thursday, April 12, 2018, Eric McCorkle  wrote:

> I'm in the middle of moving to a new apartment right now.  It's going to
> be a bit before I can get to this.
>
> On 04/11/2018 20:31, Warner Losh wrote:
> > OK. I've pushed in the main part of it. The additional work I have
> > shouldn't affect any of this stuff.  I was going to look at what part(s)
> > of your open reviewed needed to be redone tomorrow and send you
> > feedback, but if you wanted to get a start before then, I'm happy to
> > answer questions. All the rest of my work is going to be selecting the
> > root partition when we're told to us a specific partition, so will be
> > very constrained.
> >
> > Warner
> >
> > On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle  > > wrote:
> >
> > I think the thing to do at this point is to wait for the current
> work on
> > loader.efi to land, then adapt my patches to apply against that work.
> >
> > On 04/11/2018 15:06, Warner Losh wrote:
> > > Still reviewing the code. I'm worried it's too i386 specific and it
> > > conflicts with some work I'm doing. I'll have a list of actionable
> > > critiques this week.
> > >
> > > Warner
> > >
> > > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
> > >  > 
> >  > >>
> > > wrote:
> > >
> > > Hi!
> > >
> > > Is there any update regarding the rebase or the inclusion to
> base
> > > system?
> > > On 3/28/18, Eric McCorkle  e...@metricspace.net>
> > > >>
> wrote:
> > > > I'll do another rebase from head just to be sure
> > > >
> > > > On March 28, 2018 3:23:23 PM EDT, Warner Losh <
> i...@bsdimp.com 
> > > >> wrote:
> > > >>It's on my list for nexr, finally. I have an alternate patch
> for
> > > >>loader.efi
> > > >>from ESP, but i don't think it will affect the GELI stuff. I
> have some
> > > >>time
> > > >>slotted for integration issues though.
> > > >>
> > > >>I am quite mindful of the freeze dates I  have some uefi
> boot
> > > >>loader
> > > >>protocol changes that I need to get in.
> > > >>
> > > >>Warner
> > > >>
> > > >>On Feb 21, 2018 11:18 PM, "Tommi Pernila" <
> tommi.pern...@iki.fi 
> > > >>
> wrote:
> > > >>
> > > >>> Awesome, thanks for the update and the work that you have
> done!
> > > >>>
> > > >>> Now we just need some more reviewers eyes on the code :)
> > > >>>
> > > >>> Br,
> > > >>>
> > > >>> Tommi
> > > >>>
> > > >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle <
> e...@metricspace.net 
> > > >>
> > > >>wrote:
> > > >>>
> > >  FYI, I just IFC'ed everything, and the current patches
> > are still
> > > >>fine.
> > > 
> > >  Also, the full GELI + standalone loader has been deployed
> > on one of
> > > >>my
> > >  laptops for some time now.
> > > 
> > >  On 02/21/2018 18:15, Eric McCorkle wrote:
> > >  > The GELI work could be merged at this point, though it
> > won't be
> > > >>usable
> > >  > without an additional patch to enable loader-only
> > operation.  The
> > >  > patches are currently up for review:
> > >  >
> > >  > This is the order in which they'd need to be merged:
> > >  >
> > >  >
> > >  > https://reviews.freebsd.org/D12732
> > 
> > >  > >
> > >  >
> > >  > This one changes the efipart device.  Toomas Soome
> > identified
> > > some
> > >  > problems, which I have addressed.  He has not
> > re-reviewed it,
> > > >>however.
> > >  >
> > >  >
> > >  > https://reviews.freebsd.org/D12692
> > 
> > >  > >
> > >  >
> > >  > This adds some crypto code needed for GELI.  It simply
> > adds new
> > > >>code,
> > >  > and doesn't conflict with anything.
> > >  >
> > >  >
> > >  > 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Eric McCorkle]

I'm in the middle of moving to a new apartment right now.  It's going to
be a bit before I can get to this.

On 04/11/2018 20:31, Warner Losh wrote:
> OK. I've pushed in the main part of it. The additional work I have
> shouldn't affect any of this stuff.  I was going to look at what part(s)
> of your open reviewed needed to be redone tomorrow and send you
> feedback, but if you wanted to get a start before then, I'm happy to
> answer questions. All the rest of my work is going to be selecting the
> root partition when we're told to us a specific partition, so will be
> very constrained.
> 
> Warner
> 
> On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle  > wrote:
> 
> I think the thing to do at this point is to wait for the current work on
> loader.efi to land, then adapt my patches to apply against that work.
> 
> On 04/11/2018 15:06, Warner Losh wrote:
> > Still reviewing the code. I'm worried it's too i386 specific and it
> > conflicts with some work I'm doing. I'll have a list of actionable
> > critiques this week.
> >
> > Warner
> >
> > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
> >  
>  >>
> > wrote:
> >
> >     Hi!
> >
> >     Is there any update regarding the rebase or the inclusion to base
> >     system?
> >     On 3/28/18, Eric McCorkle  
> >     >> wrote:
> >     > I'll do another rebase from head just to be sure
> >     >
> >     > On March 28, 2018 3:23:23 PM EDT, Warner Losh  
> >     >> wrote:
> >     >>It's on my list for nexr, finally. I have an alternate patch for
> >     >>loader.efi
> >     >>from ESP, but i don't think it will affect the GELI stuff. I have 
> some
> >     >>time
> >     >>slotted for integration issues though.
> >     >>
> >     >>I am quite mindful of the freeze dates I  have some uefi boot
> >     >>loader
> >     >>protocol changes that I need to get in.
> >     >>
> >     >>Warner
> >     >>
> >     >>On Feb 21, 2018 11:18 PM, "Tommi Pernila"  
> >     >> wrote:
> >     >>
> >     >>> Awesome, thanks for the update and the work that you have done!
> >     >>>
> >     >>> Now we just need some more reviewers eyes on the code :)
> >     >>>
> >     >>> Br,
> >     >>>
> >     >>> Tommi
> >     >>>
> >     >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle 
> 
> >     >>
> >     >>wrote:
> >     >>>
> >      FYI, I just IFC'ed everything, and the current patches
> are still
> >     >>fine.
> >     
> >      Also, the full GELI + standalone loader has been deployed
> on one of
> >     >>my
> >      laptops for some time now.
> >     
> >      On 02/21/2018 18:15, Eric McCorkle wrote:
> >      > The GELI work could be merged at this point, though it
> won't be
> >     >>usable
> >      > without an additional patch to enable loader-only
> operation.  The
> >      > patches are currently up for review:
> >      >
> >      > This is the order in which they'd need to be merged:
> >      >
> >      >
> >      > https://reviews.freebsd.org/D12732
> 
> >      >
> >      >
> >      > This one changes the efipart device.  Toomas Soome
> identified
> >     some
> >      > problems, which I have addressed.  He has not
> re-reviewed it,
> >     >>however.
> >      >
> >      >
> >      > https://reviews.freebsd.org/D12692
> 
> >      >
> >      >
> >      > This adds some crypto code needed for GELI.  It simply
> adds new
> >     >>code,
> >      > and doesn't conflict with anything.
> >      >
> >      >
> >      > https://reviews.freebsd.org/D12698
> 
> >      >
> >      >
> >      > This adds the EFI KMS interface code, and has the 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Warner Losh]

OK. I've pushed in the main part of it. The additional work I have
shouldn't affect any of this stuff.  I was going to look at what part(s) of
your open reviewed needed to be redone tomorrow and send you feedback, but
if you wanted to get a start before then, I'm happy to answer questions.
All the rest of my work is going to be selecting the root partition when
we're told to us a specific partition, so will be very constrained.

Warner

On Wed, Apr 11, 2018 at 6:02 PM, Eric McCorkle  wrote:

> I think the thing to do at this point is to wait for the current work on
> loader.efi to land, then adapt my patches to apply against that work.
>
> On 04/11/2018 15:06, Warner Losh wrote:
> > Still reviewing the code. I'm worried it's too i386 specific and it
> > conflicts with some work I'm doing. I'll have a list of actionable
> > critiques this week.
> >
> > Warner
> >
> > On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
> > >
> > wrote:
> >
> > Hi!
> >
> > Is there any update regarding the rebase or the inclusion to base
> > system?
> > On 3/28/18, Eric McCorkle  > > wrote:
> > > I'll do another rebase from head just to be sure
> > >
> > > On March 28, 2018 3:23:23 PM EDT, Warner Losh  > > wrote:
> > >>It's on my list for nexr, finally. I have an alternate patch for
> > >>loader.efi
> > >>from ESP, but i don't think it will affect the GELI stuff. I have
> some
> > >>time
> > >>slotted for integration issues though.
> > >>
> > >>I am quite mindful of the freeze dates I  have some uefi boot
> > >>loader
> > >>protocol changes that I need to get in.
> > >>
> > >>Warner
> > >>
> > >>On Feb 21, 2018 11:18 PM, "Tommi Pernila"  > > wrote:
> > >>
> > >>> Awesome, thanks for the update and the work that you have done!
> > >>>
> > >>> Now we just need some more reviewers eyes on the code :)
> > >>>
> > >>> Br,
> > >>>
> > >>> Tommi
> > >>>
> > >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle  > >
> > >>wrote:
> > >>>
> >  FYI, I just IFC'ed everything, and the current patches are still
> > >>fine.
> > 
> >  Also, the full GELI + standalone loader has been deployed on
> one of
> > >>my
> >  laptops for some time now.
> > 
> >  On 02/21/2018 18:15, Eric McCorkle wrote:
> >  > The GELI work could be merged at this point, though it won't
> be
> > >>usable
> >  > without an additional patch to enable loader-only operation.
> The
> >  > patches are currently up for review:
> >  >
> >  > This is the order in which they'd need to be merged:
> >  >
> >  >
> >  > https://reviews.freebsd.org/D12732
> > 
> >  >
> >  > This one changes the efipart device.  Toomas Soome identified
> > some
> >  > problems, which I have addressed.  He has not re-reviewed it,
> > >>however.
> >  >
> >  >
> >  > https://reviews.freebsd.org/D12692
> > 
> >  >
> >  > This adds some crypto code needed for GELI.  It simply adds
> new
> > >>code,
> >  > and doesn't conflict with anything.
> >  >
> >  >
> >  > https://reviews.freebsd.org/D12698
> > 
> >  >
> >  > This adds the EFI KMS interface code, and has the EFI loader
> pass
> > >>keys
> >  > into the keybuf interface.
> >  >
> >  >
> >  > I can't post the main GELI driver until those get merged, as
> it
> > >>depends
> >  > on them.  It can be found on the geli branch on my github
> freebsd
> >  > repository, however.
> >  >
> >  >
> >  > Additionally, you need this patch, which allows loader.efi to
> > >>function
> >  > when installed directly to the ESP:
> >  >
> >  > https://reviews.freebsd.org/D13497
> > 
> >  >
> >  > On 02/20/2018 22:56, Tommi Pernila wrote:
> >  >> Hi Eric,
> >  >>
> >  >> could you provide a brief update how the work is going?
> >  >>
> >  >>
> >  >> Br,
> >  >>
> >  >> Tommi
> >  >>
> >  >>
> >  >> On Nov 16, 2017 04:29, "Eric McCorkle"  > 
> >  >> >>
> > wrote:
> >  >>
> >  >> Right, so basically, the 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Eric McCorkle]

I think the thing to do at this point is to wait for the current work on
loader.efi to land, then adapt my patches to apply against that work.

On 04/11/2018 15:06, Warner Losh wrote:
> Still reviewing the code. I'm worried it's too i386 specific and it
> conflicts with some work I'm doing. I'll have a list of actionable
> critiques this week.
> 
> Warner
> 
> On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter
> >
> wrote:
> 
> Hi!
> 
> Is there any update regarding the rebase or the inclusion to base
> system?
> On 3/28/18, Eric McCorkle  > wrote:
> > I'll do another rebase from head just to be sure
> >
> > On March 28, 2018 3:23:23 PM EDT, Warner Losh  > wrote:
> >>It's on my list for nexr, finally. I have an alternate patch for
> >>loader.efi
> >>from ESP, but i don't think it will affect the GELI stuff. I have some
> >>time
> >>slotted for integration issues though.
> >>
> >>I am quite mindful of the freeze dates I  have some uefi boot
> >>loader
> >>protocol changes that I need to get in.
> >>
> >>Warner
> >>
> >>On Feb 21, 2018 11:18 PM, "Tommi Pernila"  > wrote:
> >>
> >>> Awesome, thanks for the update and the work that you have done!
> >>>
> >>> Now we just need some more reviewers eyes on the code :)
> >>>
> >>> Br,
> >>>
> >>> Tommi
> >>>
> >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle  >
> >>wrote:
> >>>
>  FYI, I just IFC'ed everything, and the current patches are still
> >>fine.
> 
>  Also, the full GELI + standalone loader has been deployed on one of
> >>my
>  laptops for some time now.
> 
>  On 02/21/2018 18:15, Eric McCorkle wrote:
>  > The GELI work could be merged at this point, though it won't be
> >>usable
>  > without an additional patch to enable loader-only operation.  The
>  > patches are currently up for review:
>  >
>  > This is the order in which they'd need to be merged:
>  >
>  >
>  > https://reviews.freebsd.org/D12732
> 
>  >
>  > This one changes the efipart device.  Toomas Soome identified
> some
>  > problems, which I have addressed.  He has not re-reviewed it,
> >>however.
>  >
>  >
>  > https://reviews.freebsd.org/D12692
> 
>  >
>  > This adds some crypto code needed for GELI.  It simply adds new
> >>code,
>  > and doesn't conflict with anything.
>  >
>  >
>  > https://reviews.freebsd.org/D12698
> 
>  >
>  > This adds the EFI KMS interface code, and has the EFI loader pass
> >>keys
>  > into the keybuf interface.
>  >
>  >
>  > I can't post the main GELI driver until those get merged, as it
> >>depends
>  > on them.  It can be found on the geli branch on my github freebsd
>  > repository, however.
>  >
>  >
>  > Additionally, you need this patch, which allows loader.efi to
> >>function
>  > when installed directly to the ESP:
>  >
>  > https://reviews.freebsd.org/D13497
> 
>  >
>  > On 02/20/2018 22:56, Tommi Pernila wrote:
>  >> Hi Eric,
>  >>
>  >> could you provide a brief update how the work is going?
>  >>
>  >>
>  >> Br,
>  >>
>  >> Tommi
>  >>
>  >>
>  >> On Nov 16, 2017 04:29, "Eric McCorkle"  
>  >> >>
> wrote:
>  >>
>  >>     Right, so basically, the remaining GELI patches are against
>  loader, and
>  >>     most of them can go in independently of the work on removing
> >>boot1.
>  >>     There's a unanimous consensus on getting rid of boot1 which
>  includes its
>  >>     original author, so that's going to happen.
>  >>
>  >>
>  >>     For GELI, we have the following (not necessarily in order):
>  >>
>  >>     a) Adding the KMS interfaces, pseudo-device, and kernel
> >>keybuf
>  >>     interactions
>  >>     b) Modifications to the efipart driver
>  >>     c) boot crypto
>  >>     d) GELI partition types (not strictly necessary)
>  >>
>  >>     Then there's the GELI driver 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Warner Losh]

Still reviewing the code. I'm worried it's too i386 specific and it
conflicts with some work I'm doing. I'll have a list of actionable
critiques this week.

Warner

On Wed, Apr 11, 2018 at 1:03 PM, Oliver Pinter <
oliver.pin...@hardenedbsd.org> wrote:

> Hi!
>
> Is there any update regarding the rebase or the inclusion to base system?
> On 3/28/18, Eric McCorkle  wrote:
> > I'll do another rebase from head just to be sure
> >
> > On March 28, 2018 3:23:23 PM EDT, Warner Losh  wrote:
> >>It's on my list for nexr, finally. I have an alternate patch for
> >>loader.efi
> >>from ESP, but i don't think it will affect the GELI stuff. I have some
> >>time
> >>slotted for integration issues though.
> >>
> >>I am quite mindful of the freeze dates I  have some uefi boot
> >>loader
> >>protocol changes that I need to get in.
> >>
> >>Warner
> >>
> >>On Feb 21, 2018 11:18 PM, "Tommi Pernila"  wrote:
> >>
> >>> Awesome, thanks for the update and the work that you have done!
> >>>
> >>> Now we just need some more reviewers eyes on the code :)
> >>>
> >>> Br,
> >>>
> >>> Tommi
> >>>
> >>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle 
> >>wrote:
> >>>
>  FYI, I just IFC'ed everything, and the current patches are still
> >>fine.
> 
>  Also, the full GELI + standalone loader has been deployed on one of
> >>my
>  laptops for some time now.
> 
>  On 02/21/2018 18:15, Eric McCorkle wrote:
>  > The GELI work could be merged at this point, though it won't be
> >>usable
>  > without an additional patch to enable loader-only operation.  The
>  > patches are currently up for review:
>  >
>  > This is the order in which they'd need to be merged:
>  >
>  >
>  > https://reviews.freebsd.org/D12732
>  >
>  > This one changes the efipart device.  Toomas Soome identified some
>  > problems, which I have addressed.  He has not re-reviewed it,
> >>however.
>  >
>  >
>  > https://reviews.freebsd.org/D12692
>  >
>  > This adds some crypto code needed for GELI.  It simply adds new
> >>code,
>  > and doesn't conflict with anything.
>  >
>  >
>  > https://reviews.freebsd.org/D12698
>  >
>  > This adds the EFI KMS interface code, and has the EFI loader pass
> >>keys
>  > into the keybuf interface.
>  >
>  >
>  > I can't post the main GELI driver until those get merged, as it
> >>depends
>  > on them.  It can be found on the geli branch on my github freebsd
>  > repository, however.
>  >
>  >
>  > Additionally, you need this patch, which allows loader.efi to
> >>function
>  > when installed directly to the ESP:
>  >
>  > https://reviews.freebsd.org/D13497
>  >
>  > On 02/20/2018 22:56, Tommi Pernila wrote:
>  >> Hi Eric,
>  >>
>  >> could you provide a brief update how the work is going?
>  >>
>  >>
>  >> Br,
>  >>
>  >> Tommi
>  >>
>  >>
>  >> On Nov 16, 2017 04:29, "Eric McCorkle"   >> > wrote:
>  >>
>  >> Right, so basically, the remaining GELI patches are against
>  loader, and
>  >> most of them can go in independently of the work on removing
> >>boot1.
>  >> There's a unanimous consensus on getting rid of boot1 which
>  includes its
>  >> original author, so that's going to happen.
>  >>
>  >>
>  >> For GELI, we have the following (not necessarily in order):
>  >>
>  >> a) Adding the KMS interfaces, pseudo-device, and kernel
> >>keybuf
>  >> interactions
>  >> b) Modifications to the efipart driver
>  >> c) boot crypto
>  >> d) GELI partition types (not strictly necessary)
>  >>
>  >> Then there's the GELI driver itself.  (a) and (c) are good to
>  land, (b)
>  >> needs some more work after Toomas Soome pointed out a
> >>legitimate
>  >> problem, and (d) actually needs a good bit more code (but
> >>again,
>  it's
>  >> more cosmetic).  Additionally, the GELI driver will need
> >>further
>  mods to
>  >> efipart to be written (nothing too big).  But we could go
> >>ahead
>  with (a)
>  >> and (c), as they've already been proven to work.
>  >>
>  >> I'd wanted to have this stuff shaped up sooner, but I'm
>  preoccupied with
>  >> the 7th RISC-V workshop at the end of the month.
>  >>
>  >> Once this stuff is all in, loader should handle any GELI
> >>volumes it
>  >> finds, and it should Just Work once boot1 is gone.
>  >>
>  >>
>  > ___
>  > freebsd-current@freebsd.org mailing list
>  > https://lists.freebsd.org/mailman/listinfo/freebsd-current
>  > To unsubscribe, send any mail to "freebsd-current-unsubscribe@
>  

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Oliver Pinter]

Hi!

Is there any update regarding the rebase or the inclusion to base system?
On 3/28/18, Eric McCorkle  wrote:
> I'll do another rebase from head just to be sure
>
> On March 28, 2018 3:23:23 PM EDT, Warner Losh  wrote:
>>It's on my list for nexr, finally. I have an alternate patch for
>>loader.efi
>>from ESP, but i don't think it will affect the GELI stuff. I have some
>>time
>>slotted for integration issues though.
>>
>>I am quite mindful of the freeze dates I  have some uefi boot
>>loader
>>protocol changes that I need to get in.
>>
>>Warner
>>
>>On Feb 21, 2018 11:18 PM, "Tommi Pernila"  wrote:
>>
>>> Awesome, thanks for the update and the work that you have done!
>>>
>>> Now we just need some more reviewers eyes on the code :)
>>>
>>> Br,
>>>
>>> Tommi
>>>
>>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle 
>>wrote:
>>>
 FYI, I just IFC'ed everything, and the current patches are still
>>fine.

 Also, the full GELI + standalone loader has been deployed on one of
>>my
 laptops for some time now.

 On 02/21/2018 18:15, Eric McCorkle wrote:
 > The GELI work could be merged at this point, though it won't be
>>usable
 > without an additional patch to enable loader-only operation.  The
 > patches are currently up for review:
 >
 > This is the order in which they'd need to be merged:
 >
 >
 > https://reviews.freebsd.org/D12732
 >
 > This one changes the efipart device.  Toomas Soome identified some
 > problems, which I have addressed.  He has not re-reviewed it,
>>however.
 >
 >
 > https://reviews.freebsd.org/D12692
 >
 > This adds some crypto code needed for GELI.  It simply adds new
>>code,
 > and doesn't conflict with anything.
 >
 >
 > https://reviews.freebsd.org/D12698
 >
 > This adds the EFI KMS interface code, and has the EFI loader pass
>>keys
 > into the keybuf interface.
 >
 >
 > I can't post the main GELI driver until those get merged, as it
>>depends
 > on them.  It can be found on the geli branch on my github freebsd
 > repository, however.
 >
 >
 > Additionally, you need this patch, which allows loader.efi to
>>function
 > when installed directly to the ESP:
 >
 > https://reviews.freebsd.org/D13497
 >
 > On 02/20/2018 22:56, Tommi Pernila wrote:
 >> Hi Eric,
 >>
 >> could you provide a brief update how the work is going?
 >>
 >>
 >> Br,
 >>
 >> Tommi
 >>
 >>
 >> On Nov 16, 2017 04:29, "Eric McCorkle" > > wrote:
 >>
 >> Right, so basically, the remaining GELI patches are against
 loader, and
 >> most of them can go in independently of the work on removing
>>boot1.
 >> There's a unanimous consensus on getting rid of boot1 which
 includes its
 >> original author, so that's going to happen.
 >>
 >>
 >> For GELI, we have the following (not necessarily in order):
 >>
 >> a) Adding the KMS interfaces, pseudo-device, and kernel
>>keybuf
 >> interactions
 >> b) Modifications to the efipart driver
 >> c) boot crypto
 >> d) GELI partition types (not strictly necessary)
 >>
 >> Then there's the GELI driver itself.  (a) and (c) are good to
 land, (b)
 >> needs some more work after Toomas Soome pointed out a
>>legitimate
 >> problem, and (d) actually needs a good bit more code (but
>>again,
 it's
 >> more cosmetic).  Additionally, the GELI driver will need
>>further
 mods to
 >> efipart to be written (nothing too big).  But we could go
>>ahead
 with (a)
 >> and (c), as they've already been proven to work.
 >>
 >> I'd wanted to have this stuff shaped up sooner, but I'm
 preoccupied with
 >> the 7th RISC-V workshop at the end of the month.
 >>
 >> Once this stuff is all in, loader should handle any GELI
>>volumes it
 >> finds, and it should Just Work once boot1 is gone.
 >>
 >>
 > ___
 > freebsd-current@freebsd.org mailing list
 > https://lists.freebsd.org/mailman/listinfo/freebsd-current
 > To unsubscribe, send any mail to "freebsd-current-unsubscribe@
 freebsd.org"
 >

>>>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
> ___
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to 

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Tommi Pernila]

excellent, thanks again for all your work.

On Wed, 28 Mar 2018 at 22.25, Eric McCorkle  wrote:

> I'll do another rebase from head just to be sure
>
> On March 28, 2018 3:23:23 PM EDT, Warner Losh  wrote:
>>
>> It's on my list for nexr, finally. I have an alternate patch for
>> loader.efi from ESP, but i don't think it will affect the GELI stuff. I
>> have some time slotted for integration issues though.
>>
>> I am quite mindful of the freeze dates I  have some uefi boot loader
>> protocol changes that I need to get in.
>>
>> Warner
>>
>> On Feb 21, 2018 11:18 PM, "Tommi Pernila"  wrote:
>>
>>> Awesome, thanks for the update and the work that you have done!
>>>
>>> Now we just need some more reviewers eyes on the code :)
>>>
>>> Br,
>>>
>>> Tommi
>>>
>>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle  wrote:
>>>
 FYI, I just IFC'ed everything, and the current patches are still fine.

 Also, the full GELI + standalone loader has been deployed on one of my
 laptops for some time now.

 On 02/21/2018 18:15, Eric McCorkle wrote:
 > The GELI work could be merged at this point, though it won't be usable
 > without an additional patch to enable loader-only operation.  The
 > patches are currently up for review:
 >
 > This is the order in which they'd need to be merged:
 >
 >
 > https://reviews.freebsd.org/D12732
 >
 > This one changes the efipart device.  Toomas Soome identified some
 > problems, which I have addressed.  He has not re-reviewed it, however.
 >
 >
 > https://reviews.freebsd.org/D12692
 >
 > This adds some crypto code needed for GELI.  It simply adds new code,
 > and doesn't conflict with anything.
 >
 >
 > https://reviews.freebsd.org/D12698
 >
 > This adds the EFI KMS interface code, and has the EFI loader pass keys
 > into the keybuf interface.
 >
 >
 > I can't post the main GELI driver until those get merged, as it
 depends
 > on them.  It can be found on the geli branch on my github freebsd
 > repository, however.
 >
 >
 > Additionally, you need this patch, which allows loader.efi to function
 > when installed directly to the ESP:
 >
 > https://reviews.freebsd.org/D13497
 >
 > On 02/20/2018 22:56, Tommi Pernila wrote:
 >> Hi Eric,
 >>
 >> could you provide a brief update how the work is going?
 >>
 >>
 >> Br,
 >>
 >> Tommi
 >>
 >>
 >> On Nov 16, 2017 04:29, "Eric McCorkle" > > wrote:
 >>
 >> Right, so basically, the remaining GELI patches are against
 loader, and
 >> most of them can go in independently of the work on removing
 boot1.
 >> There's a unanimous consensus on getting rid of boot1 which
 includes its
 >> original author, so that's going to happen.
 >>
 >>
 >> For GELI, we have the following (not necessarily in order):
 >>
 >> a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
 >> interactions
 >> b) Modifications to the efipart driver
 >> c) boot crypto
 >> d) GELI partition types (not strictly necessary)
 >>
 >> Then there's the GELI driver itself.  (a) and (c) are good to
 land, (b)
 >> needs some more work after Toomas Soome pointed out a legitimate
 >> problem, and (d) actually needs a good bit more code (but again,
 it's
 >> more cosmetic).  Additionally, the GELI driver will need further
 mods to
 >> efipart to be written (nothing too big).  But we could go ahead
 with (a)
 >> and (c), as they've already been proven to work.
 >>
 >> I'd wanted to have this stuff shaped up sooner, but I'm
 preoccupied with
 >> the 7th RISC-V workshop at the end of the month.
 >>
 >> Once this stuff is all in, loader should handle any GELI volumes
 it
 >> finds, and it should Just Work once boot1 is gone.
 >>
 >>
 > ___
 > freebsd-current@freebsd.org mailing list
 > https://lists.freebsd.org/mailman/listinfo/freebsd-current
 > To unsubscribe, send any mail to "
 freebsd-current-unsubscr...@freebsd.org"
 >

>>>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Eric McCorkle]

I'll do another rebase from head just to be sure 

On March 28, 2018 3:23:23 PM EDT, Warner Losh  wrote:
>It's on my list for nexr, finally. I have an alternate patch for
>loader.efi
>from ESP, but i don't think it will affect the GELI stuff. I have some
>time
>slotted for integration issues though.
>
>I am quite mindful of the freeze dates I  have some uefi boot
>loader
>protocol changes that I need to get in.
>
>Warner
>
>On Feb 21, 2018 11:18 PM, "Tommi Pernila"  wrote:
>
>> Awesome, thanks for the update and the work that you have done!
>>
>> Now we just need some more reviewers eyes on the code :)
>>
>> Br,
>>
>> Tommi
>>
>> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle 
>wrote:
>>
>>> FYI, I just IFC'ed everything, and the current patches are still
>fine.
>>>
>>> Also, the full GELI + standalone loader has been deployed on one of
>my
>>> laptops for some time now.
>>>
>>> On 02/21/2018 18:15, Eric McCorkle wrote:
>>> > The GELI work could be merged at this point, though it won't be
>usable
>>> > without an additional patch to enable loader-only operation.  The
>>> > patches are currently up for review:
>>> >
>>> > This is the order in which they'd need to be merged:
>>> >
>>> >
>>> > https://reviews.freebsd.org/D12732
>>> >
>>> > This one changes the efipart device.  Toomas Soome identified some
>>> > problems, which I have addressed.  He has not re-reviewed it,
>however.
>>> >
>>> >
>>> > https://reviews.freebsd.org/D12692
>>> >
>>> > This adds some crypto code needed for GELI.  It simply adds new
>code,
>>> > and doesn't conflict with anything.
>>> >
>>> >
>>> > https://reviews.freebsd.org/D12698
>>> >
>>> > This adds the EFI KMS interface code, and has the EFI loader pass
>keys
>>> > into the keybuf interface.
>>> >
>>> >
>>> > I can't post the main GELI driver until those get merged, as it
>depends
>>> > on them.  It can be found on the geli branch on my github freebsd
>>> > repository, however.
>>> >
>>> >
>>> > Additionally, you need this patch, which allows loader.efi to
>function
>>> > when installed directly to the ESP:
>>> >
>>> > https://reviews.freebsd.org/D13497
>>> >
>>> > On 02/20/2018 22:56, Tommi Pernila wrote:
>>> >> Hi Eric,
>>> >>
>>> >> could you provide a brief update how the work is going?
>>> >>
>>> >>
>>> >> Br,
>>> >>
>>> >> Tommi
>>> >>
>>> >>
>>> >> On Nov 16, 2017 04:29, "Eric McCorkle" >> >> > wrote:
>>> >>
>>> >> Right, so basically, the remaining GELI patches are against
>>> loader, and
>>> >> most of them can go in independently of the work on removing
>boot1.
>>> >> There's a unanimous consensus on getting rid of boot1 which
>>> includes its
>>> >> original author, so that's going to happen.
>>> >>
>>> >>
>>> >> For GELI, we have the following (not necessarily in order):
>>> >>
>>> >> a) Adding the KMS interfaces, pseudo-device, and kernel
>keybuf
>>> >> interactions
>>> >> b) Modifications to the efipart driver
>>> >> c) boot crypto
>>> >> d) GELI partition types (not strictly necessary)
>>> >>
>>> >> Then there's the GELI driver itself.  (a) and (c) are good to
>>> land, (b)
>>> >> needs some more work after Toomas Soome pointed out a
>legitimate
>>> >> problem, and (d) actually needs a good bit more code (but
>again,
>>> it's
>>> >> more cosmetic).  Additionally, the GELI driver will need
>further
>>> mods to
>>> >> efipart to be written (nothing too big).  But we could go
>ahead
>>> with (a)
>>> >> and (c), as they've already been proven to work.
>>> >>
>>> >> I'd wanted to have this stuff shaped up sooner, but I'm
>>> preoccupied with
>>> >> the 7th RISC-V workshop at the end of the month.
>>> >>
>>> >> Once this stuff is all in, loader should handle any GELI
>volumes it
>>> >> finds, and it should Just Work once boot1 is gone.
>>> >>
>>> >>
>>> > ___
>>> > freebsd-current@freebsd.org mailing list
>>> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
>>> > To unsubscribe, send any mail to "freebsd-current-unsubscribe@
>>> freebsd.org"
>>> >
>>>
>>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Warner Losh]

It's on my list for nexr, finally. I have an alternate patch for loader.efi
from ESP, but i don't think it will affect the GELI stuff. I have some time
slotted for integration issues though.

I am quite mindful of the freeze dates I  have some uefi boot loader
protocol changes that I need to get in.

Warner

On Feb 21, 2018 11:18 PM, "Tommi Pernila"  wrote:

> Awesome, thanks for the update and the work that you have done!
>
> Now we just need some more reviewers eyes on the code :)
>
> Br,
>
> Tommi
>
> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle  wrote:
>
>> FYI, I just IFC'ed everything, and the current patches are still fine.
>>
>> Also, the full GELI + standalone loader has been deployed on one of my
>> laptops for some time now.
>>
>> On 02/21/2018 18:15, Eric McCorkle wrote:
>> > The GELI work could be merged at this point, though it won't be usable
>> > without an additional patch to enable loader-only operation.  The
>> > patches are currently up for review:
>> >
>> > This is the order in which they'd need to be merged:
>> >
>> >
>> > https://reviews.freebsd.org/D12732
>> >
>> > This one changes the efipart device.  Toomas Soome identified some
>> > problems, which I have addressed.  He has not re-reviewed it, however.
>> >
>> >
>> > https://reviews.freebsd.org/D12692
>> >
>> > This adds some crypto code needed for GELI.  It simply adds new code,
>> > and doesn't conflict with anything.
>> >
>> >
>> > https://reviews.freebsd.org/D12698
>> >
>> > This adds the EFI KMS interface code, and has the EFI loader pass keys
>> > into the keybuf interface.
>> >
>> >
>> > I can't post the main GELI driver until those get merged, as it depends
>> > on them.  It can be found on the geli branch on my github freebsd
>> > repository, however.
>> >
>> >
>> > Additionally, you need this patch, which allows loader.efi to function
>> > when installed directly to the ESP:
>> >
>> > https://reviews.freebsd.org/D13497
>> >
>> > On 02/20/2018 22:56, Tommi Pernila wrote:
>> >> Hi Eric,
>> >>
>> >> could you provide a brief update how the work is going?
>> >>
>> >>
>> >> Br,
>> >>
>> >> Tommi
>> >>
>> >>
>> >> On Nov 16, 2017 04:29, "Eric McCorkle" > >> > wrote:
>> >>
>> >> Right, so basically, the remaining GELI patches are against
>> loader, and
>> >> most of them can go in independently of the work on removing boot1.
>> >> There's a unanimous consensus on getting rid of boot1 which
>> includes its
>> >> original author, so that's going to happen.
>> >>
>> >>
>> >> For GELI, we have the following (not necessarily in order):
>> >>
>> >> a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
>> >> interactions
>> >> b) Modifications to the efipart driver
>> >> c) boot crypto
>> >> d) GELI partition types (not strictly necessary)
>> >>
>> >> Then there's the GELI driver itself.  (a) and (c) are good to
>> land, (b)
>> >> needs some more work after Toomas Soome pointed out a legitimate
>> >> problem, and (d) actually needs a good bit more code (but again,
>> it's
>> >> more cosmetic).  Additionally, the GELI driver will need further
>> mods to
>> >> efipart to be written (nothing too big).  But we could go ahead
>> with (a)
>> >> and (c), as they've already been proven to work.
>> >>
>> >> I'd wanted to have this stuff shaped up sooner, but I'm
>> preoccupied with
>> >> the 7th RISC-V workshop at the end of the month.
>> >>
>> >> Once this stuff is all in, loader should handle any GELI volumes it
>> >> finds, and it should Just Work once boot1 is gone.
>> >>
>> >>
>> > ___
>> > freebsd-current@freebsd.org mailing list
>> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
>> > To unsubscribe, send any mail to "freebsd-current-unsubscribe@
>> freebsd.org"
>> >
>>
>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Tommi Pernila]

Hi all,

is there any chance that this would make it to 11.2 RELEASE ?

 stable/11 slush: April 20, 2018
 stable/11 freeze:May 4, 2018

Br,

Tommi


On Thu, Feb 22, 2018 at 8:18 AM, Tommi Pernila  wrote:

> Awesome, thanks for the update and the work that you have done!
>
> Now we just need some more reviewers eyes on the code :)
>
> Br,
>
> Tommi
>
> On Thu, 22 Feb 2018 at 2.03, Eric McCorkle  wrote:
>
>> FYI, I just IFC'ed everything, and the current patches are still fine.
>>
>> Also, the full GELI + standalone loader has been deployed on one of my
>> laptops for some time now.
>>
>> On 02/21/2018 18:15, Eric McCorkle wrote:
>> > The GELI work could be merged at this point, though it won't be usable
>> > without an additional patch to enable loader-only operation.  The
>> > patches are currently up for review:
>> >
>> > This is the order in which they'd need to be merged:
>> >
>> >
>> > https://reviews.freebsd.org/D12732
>> >
>> > This one changes the efipart device.  Toomas Soome identified some
>> > problems, which I have addressed.  He has not re-reviewed it, however.
>> >
>> >
>> > https://reviews.freebsd.org/D12692
>> >
>> > This adds some crypto code needed for GELI.  It simply adds new code,
>> > and doesn't conflict with anything.
>> >
>> >
>> > https://reviews.freebsd.org/D12698
>> >
>> > This adds the EFI KMS interface code, and has the EFI loader pass keys
>> > into the keybuf interface.
>> >
>> >
>> > I can't post the main GELI driver until those get merged, as it depends
>> > on them.  It can be found on the geli branch on my github freebsd
>> > repository, however.
>> >
>> >
>> > Additionally, you need this patch, which allows loader.efi to function
>> > when installed directly to the ESP:
>> >
>> > https://reviews.freebsd.org/D13497
>> >
>> > On 02/20/2018 22:56, Tommi Pernila wrote:
>> >> Hi Eric,
>> >>
>> >> could you provide a brief update how the work is going?
>> >>
>> >>
>> >> Br,
>> >>
>> >> Tommi
>> >>
>> >>
>> >> On Nov 16, 2017 04:29, "Eric McCorkle" > >> > wrote:
>> >>
>> >> Right, so basically, the remaining GELI patches are against
>> loader, and
>> >> most of them can go in independently of the work on removing boot1.
>> >> There's a unanimous consensus on getting rid of boot1 which
>> includes its
>> >> original author, so that's going to happen.
>> >>
>> >>
>> >> For GELI, we have the following (not necessarily in order):
>> >>
>> >> a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
>> >> interactions
>> >> b) Modifications to the efipart driver
>> >> c) boot crypto
>> >> d) GELI partition types (not strictly necessary)
>> >>
>> >> Then there's the GELI driver itself.  (a) and (c) are good to
>> land, (b)
>> >> needs some more work after Toomas Soome pointed out a legitimate
>> >> problem, and (d) actually needs a good bit more code (but again,
>> it's
>> >> more cosmetic).  Additionally, the GELI driver will need further
>> mods to
>> >> efipart to be written (nothing too big).  But we could go ahead
>> with (a)
>> >> and (c), as they've already been proven to work.
>> >>
>> >> I'd wanted to have this stuff shaped up sooner, but I'm
>> preoccupied with
>> >> the 7th RISC-V workshop at the end of the month.
>> >>
>> >> Once this stuff is all in, loader should handle any GELI volumes it
>> >> finds, and it should Just Work once boot1 is gone.
>> >>
>> >>
>> > ___
>> > freebsd-current@freebsd.org mailing list
>> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
>> > To unsubscribe, send any mail to "freebsd-current-unsubscribe@
>> freebsd.org"
>> >
>>
>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Tommi Pernila]

Awesome, thanks for the update and the work that you have done!

Now we just need some more reviewers eyes on the code :)

Br,

Tommi

On Thu, 22 Feb 2018 at 2.03, Eric McCorkle  wrote:

> FYI, I just IFC'ed everything, and the current patches are still fine.
>
> Also, the full GELI + standalone loader has been deployed on one of my
> laptops for some time now.
>
> On 02/21/2018 18:15, Eric McCorkle wrote:
> > The GELI work could be merged at this point, though it won't be usable
> > without an additional patch to enable loader-only operation.  The
> > patches are currently up for review:
> >
> > This is the order in which they'd need to be merged:
> >
> >
> > https://reviews.freebsd.org/D12732
> >
> > This one changes the efipart device.  Toomas Soome identified some
> > problems, which I have addressed.  He has not re-reviewed it, however.
> >
> >
> > https://reviews.freebsd.org/D12692
> >
> > This adds some crypto code needed for GELI.  It simply adds new code,
> > and doesn't conflict with anything.
> >
> >
> > https://reviews.freebsd.org/D12698
> >
> > This adds the EFI KMS interface code, and has the EFI loader pass keys
> > into the keybuf interface.
> >
> >
> > I can't post the main GELI driver until those get merged, as it depends
> > on them.  It can be found on the geli branch on my github freebsd
> > repository, however.
> >
> >
> > Additionally, you need this patch, which allows loader.efi to function
> > when installed directly to the ESP:
> >
> > https://reviews.freebsd.org/D13497
> >
> > On 02/20/2018 22:56, Tommi Pernila wrote:
> >> Hi Eric,
> >>
> >> could you provide a brief update how the work is going?
> >>
> >>
> >> Br,
> >>
> >> Tommi
> >>
> >>
> >> On Nov 16, 2017 04:29, "Eric McCorkle"  >> > wrote:
> >>
> >> Right, so basically, the remaining GELI patches are against loader,
> and
> >> most of them can go in independently of the work on removing boot1.
> >> There's a unanimous consensus on getting rid of boot1 which
> includes its
> >> original author, so that's going to happen.
> >>
> >>
> >> For GELI, we have the following (not necessarily in order):
> >>
> >> a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
> >> interactions
> >> b) Modifications to the efipart driver
> >> c) boot crypto
> >> d) GELI partition types (not strictly necessary)
> >>
> >> Then there's the GELI driver itself.  (a) and (c) are good to land,
> (b)
> >> needs some more work after Toomas Soome pointed out a legitimate
> >> problem, and (d) actually needs a good bit more code (but again,
> it's
> >> more cosmetic).  Additionally, the GELI driver will need further
> mods to
> >> efipart to be written (nothing too big).  But we could go ahead
> with (a)
> >> and (c), as they've already been proven to work.
> >>
> >> I'd wanted to have this stuff shaped up sooner, but I'm preoccupied
> with
> >> the 7th RISC-V workshop at the end of the month.
> >>
> >> Once this stuff is all in, loader should handle any GELI volumes it
> >> finds, and it should Just Work once boot1 is gone.
> >>
> >>
> > ___
> > freebsd-current@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-current
> > To unsubscribe, send any mail to "
> freebsd-current-unsubscr...@freebsd.org"
> >
>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Eric McCorkle]

FYI, I just IFC'ed everything, and the current patches are still fine.

Also, the full GELI + standalone loader has been deployed on one of my
laptops for some time now.

On 02/21/2018 18:15, Eric McCorkle wrote:
> The GELI work could be merged at this point, though it won't be usable
> without an additional patch to enable loader-only operation.  The
> patches are currently up for review:
> 
> This is the order in which they'd need to be merged:
> 
> 
> https://reviews.freebsd.org/D12732
> 
> This one changes the efipart device.  Toomas Soome identified some
> problems, which I have addressed.  He has not re-reviewed it, however.
> 
> 
> https://reviews.freebsd.org/D12692
> 
> This adds some crypto code needed for GELI.  It simply adds new code,
> and doesn't conflict with anything.
> 
> 
> https://reviews.freebsd.org/D12698
> 
> This adds the EFI KMS interface code, and has the EFI loader pass keys
> into the keybuf interface.
> 
> 
> I can't post the main GELI driver until those get merged, as it depends
> on them.  It can be found on the geli branch on my github freebsd
> repository, however.
> 
> 
> Additionally, you need this patch, which allows loader.efi to function
> when installed directly to the ESP:
> 
> https://reviews.freebsd.org/D13497
> 
> On 02/20/2018 22:56, Tommi Pernila wrote:
>> Hi Eric,
>>
>> could you provide a brief update how the work is going?
>>
>>
>> Br,
>>
>> Tommi
>>
>>
>> On Nov 16, 2017 04:29, "Eric McCorkle" > > wrote:
>>
>> Right, so basically, the remaining GELI patches are against loader, and
>> most of them can go in independently of the work on removing boot1.
>> There's a unanimous consensus on getting rid of boot1 which includes its
>> original author, so that's going to happen.
>>
>>
>> For GELI, we have the following (not necessarily in order):
>>
>> a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
>> interactions
>> b) Modifications to the efipart driver
>> c) boot crypto
>> d) GELI partition types (not strictly necessary)
>>
>> Then there's the GELI driver itself.  (a) and (c) are good to land, (b)
>> needs some more work after Toomas Soome pointed out a legitimate
>> problem, and (d) actually needs a good bit more code (but again, it's
>> more cosmetic).  Additionally, the GELI driver will need further mods to
>> efipart to be written (nothing too big).  But we could go ahead with (a)
>> and (c), as they've already been proven to work.
>>
>> I'd wanted to have this stuff shaped up sooner, but I'm preoccupied with
>> the 7th RISC-V workshop at the end of the month.
>>
>> Once this stuff is all in, loader should handle any GELI volumes it
>> finds, and it should Just Work once boot1 is gone.
>>
>>
> ___
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
> 
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Eric McCorkle]

The GELI work could be merged at this point, though it won't be usable
without an additional patch to enable loader-only operation.  The
patches are currently up for review:

This is the order in which they'd need to be merged:


https://reviews.freebsd.org/D12732

This one changes the efipart device.  Toomas Soome identified some
problems, which I have addressed.  He has not re-reviewed it, however.


https://reviews.freebsd.org/D12692

This adds some crypto code needed for GELI.  It simply adds new code,
and doesn't conflict with anything.


https://reviews.freebsd.org/D12698

This adds the EFI KMS interface code, and has the EFI loader pass keys
into the keybuf interface.


I can't post the main GELI driver until those get merged, as it depends
on them.  It can be found on the geli branch on my github freebsd
repository, however.


Additionally, you need this patch, which allows loader.efi to function
when installed directly to the ESP:

https://reviews.freebsd.org/D13497

On 02/20/2018 22:56, Tommi Pernila wrote:
> Hi Eric,
> 
> could you provide a brief update how the work is going?
> 
> 
> Br,
> 
> Tommi
> 
> 
> On Nov 16, 2017 04:29, "Eric McCorkle"  > wrote:
> 
> Right, so basically, the remaining GELI patches are against loader, and
> most of them can go in independently of the work on removing boot1.
> There's a unanimous consensus on getting rid of boot1 which includes its
> original author, so that's going to happen.
> 
> 
> For GELI, we have the following (not necessarily in order):
> 
> a) Adding the KMS interfaces, pseudo-device, and kernel keybuf
> interactions
> b) Modifications to the efipart driver
> c) boot crypto
> d) GELI partition types (not strictly necessary)
> 
> Then there's the GELI driver itself.  (a) and (c) are good to land, (b)
> needs some more work after Toomas Soome pointed out a legitimate
> problem, and (d) actually needs a good bit more code (but again, it's
> more cosmetic).  Additionally, the GELI driver will need further mods to
> efipart to be written (nothing too big).  But we could go ahead with (a)
> and (c), as they've already been proven to work.
> 
> I'd wanted to have this stuff shaped up sooner, but I'm preoccupied with
> the 7th RISC-V workshop at the end of the month.
> 
> Once this stuff is all in, loader should handle any GELI volumes it
> finds, and it should Just Work once boot1 is gone.
> 
> 
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Tommi Pernila]

Hi Eric,

could you provide a brief update how the work is going?


Br,

Tommi


On Nov 16, 2017 04:29, "Eric McCorkle"  wrote:

Right, so basically, the remaining GELI patches are against loader, and
most of them can go in independently of the work on removing boot1.
There's a unanimous consensus on getting rid of boot1 which includes its
original author, so that's going to happen.


For GELI, we have the following (not necessarily in order):

a) Adding the KMS interfaces, pseudo-device, and kernel keybuf interactions
b) Modifications to the efipart driver
c) boot crypto
d) GELI partition types (not strictly necessary)

Then there's the GELI driver itself.  (a) and (c) are good to land, (b)
needs some more work after Toomas Soome pointed out a legitimate
problem, and (d) actually needs a good bit more code (but again, it's
more cosmetic).  Additionally, the GELI driver will need further mods to
efipart to be written (nothing too big).  But we could go ahead with (a)
and (c), as they've already been proven to work.

I'd wanted to have this stuff shaped up sooner, but I'm preoccupied with
the 7th RISC-V workshop at the end of the month.

Once this stuff is all in, loader should handle any GELI volumes it
finds, and it should Just Work once boot1 is gone.
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Eric McCorkle]

Right, so basically, the remaining GELI patches are against loader, and
most of them can go in independently of the work on removing boot1.
There's a unanimous consensus on getting rid of boot1 which includes its
original author, so that's going to happen.


For GELI, we have the following (not necessarily in order):

a) Adding the KMS interfaces, pseudo-device, and kernel keybuf interactions
b) Modifications to the efipart driver
c) boot crypto
d) GELI partition types (not strictly necessary)

Then there's the GELI driver itself.  (a) and (c) are good to land, (b)
needs some more work after Toomas Soome pointed out a legitimate
problem, and (d) actually needs a good bit more code (but again, it's
more cosmetic).  Additionally, the GELI driver will need further mods to
efipart to be written (nothing too big).  But we could go ahead with (a)
and (c), as they've already been proven to work.

I'd wanted to have this stuff shaped up sooner, but I'm preoccupied with
the 7th RISC-V workshop at the end of the month.

Once this stuff is all in, loader should handle any GELI volumes it
finds, and it should Just Work once boot1 is gone.



signature.asc
Description: OpenPGP digital signature

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Tommi Pernila]

On Wed, 15 Nov 2017 at 16.47, Warner Losh  wrote:

> On Wed, Nov 15, 2017 at 3:28 AM, Tommi Pernila 
> wrote:
>
>> Hi All,
>>
>> Anyone have an idea when the GELI with UEFI supporting Boot
>> Environments goes to HEAD?
>>
>> The Phabricator reviews for this seem to done.
>> Also recently I have seen quite a few commits done by @imp which touch
>> GELI,
>> Are these related to this feature or something else?
>>
>> So it could be that this feature is already in HEAD, or are still some
>> parts pending?
>>
>
> It will be available once we move to loader.efi and ditch boot1.efi, which
> is some weeks away.
>
> Warner
>

Ok.

Thanks Warner and Eric for all of your work :)


-Tommi



>
>> Below a clip from Allan describing the feature i'm looking for:
>>
>>
>> On Tue, 11 Jul 2017 at 18.31, Allan Jude  wrote:
>>
>>>
>>> Boot environments with a bootpool do not work. Support for GELI with
>>> UEFI is coming soon. This will allow you to move /boot into the GELI
>>> encrypted pool, and get rid of the bootpool, and properly use boot
>>> environments.
>>>
>>> --
>>> Allan Jude
>>
>>
>>
>> Br,
>>
>> Tommi
>>
>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Eric McCorkle]

I'll reply in more detail later on, when I'm not on a phone

On November 15, 2017 9:47:54 AM EST, Warner Losh  wrote:
>On Wed, Nov 15, 2017 at 3:28 AM, Tommi Pernila
>
>wrote:
>
>> Hi All,
>>
>> Anyone have an idea when the GELI with UEFI supporting Boot
>> Environments goes to HEAD?
>>
>> The Phabricator reviews for this seem to done.
>> Also recently I have seen quite a few commits done by @imp which
>touch
>> GELI,
>> Are these related to this feature or something else?
>>
>> So it could be that this feature is already in HEAD, or are still
>some
>> parts pending?
>>
>
>It will be available once we move to loader.efi and ditch boot1.efi,
>which
>is some weeks away.
>
>Warner
>
>
>> Below a clip from Allan describing the feature i'm looking for:
>>
>>
>> On Tue, 11 Jul 2017 at 18.31, Allan Jude 
>wrote:
>>
>>>
>>> Boot environments with a bootpool do not work. Support for GELI with
>>> UEFI is coming soon. This will allow you to move /boot into the GELI
>>> encrypted pool, and get rid of the bootpool, and properly use boot
>>> environments.
>>>
>>> --
>>> Allan Jude
>>
>>
>>
>> Br,
>>
>> Tommi
>>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: GELI with UEFI supporting Boot Environments goes to HEAD when?

[Warner Losh]

On Wed, Nov 15, 2017 at 3:28 AM, Tommi Pernila 
wrote:

> Hi All,
>
> Anyone have an idea when the GELI with UEFI supporting Boot
> Environments goes to HEAD?
>
> The Phabricator reviews for this seem to done.
> Also recently I have seen quite a few commits done by @imp which touch
> GELI,
> Are these related to this feature or something else?
>
> So it could be that this feature is already in HEAD, or are still some
> parts pending?
>

It will be available once we move to loader.efi and ditch boot1.efi, which
is some weeks away.

Warner


> Below a clip from Allan describing the feature i'm looking for:
>
>
> On Tue, 11 Jul 2017 at 18.31, Allan Jude  wrote:
>
>>
>> Boot environments with a bootpool do not work. Support for GELI with
>> UEFI is coming soon. This will allow you to move /boot into the GELI
>> encrypted pool, and get rid of the bootpool, and properly use boot
>> environments.
>>
>> --
>> Allan Jude
>
>
>
> Br,
>
> Tommi
>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

GELI with UEFI supporting Boot Environments goes to HEAD when?

[Tommi Pernila]

Hi All,

Anyone have an idea when the GELI with UEFI supporting Boot
Environments goes to HEAD?

The Phabricator reviews for this seem to done.
Also recently I have seen quite a few commits done by @imp which touch GELI,
Are these related to this feature or something else?

So it could be that this feature is already in HEAD, or are still some
parts pending?

Below a clip from Allan describing the feature i'm looking for:


On Tue, 11 Jul 2017 at 18.31, Allan Jude  wrote:

>
> Boot environments with a bootpool do not work. Support for GELI with
> UEFI is coming soon. This will allow you to move /boot into the GELI
> encrypted pool, and get rid of the bootpool, and properly use boot
> environments.
>
> --
> Allan Jude



Br,

Tommi
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"