Move LOADER_{NO,}_GELI_SUPPORT to MK_LOADER_GELI

Transition to WITH/WITHOUT_LOADER_GELI to flag support or not of GELI in the boot loaders. Add HAVE_GELI so components can flag they need support (since it's too large to include everywhere). Add temporary warnings for the old forms to ease transition. Also, update test script to build without GELI on x86. Sponsored by: Netflix
dcui · Nov 10, 2017 · 163d88e · 163d88e
1 parent e5dc9a3
commit 163d88e
Show file tree

Hide file tree

Showing 14 changed files with 54 additions and 45 deletions.
diff --git a/UPDATING b/UPDATING
@@ -53,7 +53,8 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW:
 
 201711xx:
 	The LOADER_FIREWIRE_SUPPORT build variable as been renamed to
-	WITH_LOADER_FIREWIRE (or WITHOUT_LOADER_FIREWIRE).
+	WITH/OUT_LOADER_FIREWIRE. LOADER_{NO_,}GELI_SUPPORT has been renamed
+	to WITH/OUT_LOADER_GELI.
 
 20171106:
 	The naive and non-compliant support of posix_fallocate(2) in ZFS

diff --git a/share/mk/src.opts.mk b/share/mk/src.opts.mk
@@ -119,6 +119,7 @@ __DEFAULT_YES_OPTIONS = \
     LIB32 \
     LIBPTHREAD \
     LIBTHR \
+    LOADER_GELI \
     LOCALES \
     LOCATE \
     LPR \

diff --git a/sys/boot/defs.mk b/sys/boot/defs.mk
@@ -85,10 +85,26 @@ CFLAGS+= -DLOADER_GPT_SUPPORT
 .if ${LOADER_MBR_SUPPORT:Uyes} == "yes"
 CFLAGS+= -DLOADER_MBR_SUPPORT
 .endif
-.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
-CFLAGS+= -DLOADER_GELI_SUPPORT
+
+# GELI Support, with backward compat hooks
+.if defined(HAVE_GELI)
+.if defined(LOADER_NO_GELI_SUPPORT)
+MK_LOADER_GELI=no
+.warning "Please move from LOADER_NO_GELI_SUPPORT to WITHOUT_LOADER_GELI"
+.endif
+.if defined(LOADER_GELI_SUPPORT)
+MK_LOADER_GELI=yes
+.warning "Please move from LOADER_GELI_SUPPORT to WITH_LOADER_GELI"
+.endif
+.if ${MK_LOADER_GELI} == "yes"
+CFLAGS+=	-DLOADER_GELI_SUPPORT
+CFLAGS+=	-I${BOOTSRC}/geli
+LIBGELIBOOT=	${BOOTOBJ}/geli/libgeliboot.a
 .endif
 .endif
+.endif
+
+CFLAGS+=	-I${SYSDIR}
 
 # All PowerPC builds are 32 bit. We have no 64-bit loaders on powerpc
 # or powerpc64.

diff --git a/sys/boot/geli/Makefile b/sys/boot/geli/Makefile
@@ -49,5 +49,9 @@ SRCS+=		rijndael-alg-fst.c rijndael-api-fst.c rijndael-api.c
 CFLAGS+=	-D_STAND
 SRCS+=		geliboot_crypto.c g_eli_hmac.c g_eli_key.c g_eli_key_cache.c pkcs5v2.c
 
+# aes
+.PATH:		${SYSDIR}/opencrypto
+SRCS+=		xform_aes_xts.c
+
 .include <bsd.stand.mk>
 .include <bsd.lib.mk>
diff --git a/sys/boot/i386/gptboot/Makefile b/sys/boot/i386/gptboot/Makefile
@@ -1,5 +1,7 @@
 # $FreeBSD$
 
+HAVE_GELI=		yes
+
 .include <bsd.init.mk>
 
 .PATH:		${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/common ${SASRC}
@@ -41,14 +43,6 @@ CFLAGS+=-DBOOTPROG=\"gptboot\" \
 
 CFLAGS.gcc+=	--param max-inline-insns-single=100
 
-.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
-CFLAGS+=	-DLOADER_GELI_SUPPORT
-CFLAGS+=	-I${BOOTSRC}/geli
-LIBGELIBOOT=	${BOOTOBJ}/geli/libgeliboot.a
-.PATH:		${SYSDIR}/opencrypto
-OPENCRYPTO_XTS=	xform_aes_xts.o
-.endif
-
 LD_FLAGS+=${LD_FLAGS_BIN}
 
 CLEANFILES=	gptboot
@@ -66,12 +60,12 @@ gptldr.out: gptldr.o
 	${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} gptldr.o
 
 CLEANFILES+=	gptboot.bin gptboot.out gptboot.o sio.o crc32.o drv.o \
-		cons.o util.o ${OPENCRYPTO_XTS}
+		cons.o ${OPENCRYPTO_XTS}
 
 gptboot.bin: gptboot.out
 	${OBJCOPY} -S -O binary gptboot.out ${.TARGET}
 
-gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o util.o ${OPENCRYPTO_XTS}
+gptboot.out: ${BTXCRT} gptboot.o sio.o crc32.o drv.o cons.o ${OPENCRYPTO_XTS}
 	${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBGELIBOOT} ${LIBSA32}
 
 gptboot.o: ${SASRC}/ufsread.c

diff --git a/sys/boot/i386/gptzfsboot/Makefile b/sys/boot/i386/gptzfsboot/Makefile
@@ -1,5 +1,7 @@
 # $FreeBSD$
 
+HAVE_GPT=	yes
+
 .include <bsd.init.mk>
 
 .PATH:		${BOOTSRC}/i386/boot2 ${BOOTSRC}/i386/gptboot \
@@ -50,14 +52,6 @@ LIBZFSBOOT=${BOOTOBJ}/zfs32/libzfsboot.a
 LIBZFSBOOT=${BOOTOBJ}/zfs/libzfsboot.a
 .endif
 
-.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
-CFLAGS+=	-DLOADER_GELI_SUPPORT
-CFLAGS+=	-I${BOOTSRC}/geli
-LIBGELIBOOT=	${BOOTOBJ}/geli/libgeliboot.a
-.PATH:		${SYSDIR}/opencrypto
-OPENCRYPTO_XTS=	xform_aes_xts.o
-.endif
-
 CFLAGS.gcc+=	--param max-inline-insns-single=100
 
 LD_FLAGS+=${LD_FLAGS_BIN}

diff --git a/sys/boot/i386/libi386/Makefile b/sys/boot/i386/libi386/Makefile
@@ -1,5 +1,8 @@
 # $FreeBSD$
 
+HAVE_GPT=		yes
+HAVE_GELI=		yes
+
 .include <bsd.init.mk>
 
 LIB=			i386
@@ -25,12 +28,6 @@ CFLAGS+=	-DCOMSPEED=${BOOT_COMCONSOLE_SPEED}
 CFLAGS+= -DDISK_DEBUG
 .endif
 
-.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
-# Decrypt encrypted drives
-CFLAGS+= -DLOADER_GELI_SUPPORT
-CFLAGS+= -I${BOOTSRC}/geli
-.endif
-
 .if !defined(BOOT_HIDE_SERIAL_NUMBERS)
 # Export serial numbers, UUID, and asset tag from loader.
 CFLAGS+= -DSMBIOS_SERIAL_NUMBERS

diff --git a/sys/boot/i386/loader/Makefile b/sys/boot/i386/loader/Makefile
@@ -1,5 +1,7 @@
 # $FreeBSD$
 
+HAVE_GELI=		yes
+
 LOADER_NET_SUPPORT?=	yes
 LOADER_NFS_SUPPORT?=	yes
 LOADER_TFTP_SUPPORT?=	yes
@@ -38,15 +40,6 @@ CFLAGS+=	-DLOADER_FIREWIRE_SUPPORT
 LIBFIREWIRE=	${BOOTOBJ}/i386/libfirewire/libfirewire.a
 .endif
 
-.if ${LOADER_GELI_SUPPORT:Uyes} == "yes"
-CFLAGS+=	-DLOADER_GELI_SUPPORT
-CFLAGS+=	-I${BOOTSRC}/geli
-LIBGELIBOOT=	${BOOTOBJ}/geli/libgeliboot.a
-.PATH:		${SYSDIR}/opencrypto
-SRCS+=		xform_aes_xts.c
-CFLAGS+=	-I${SYSDIR} -D_STAND
-.endif
-
 # Always add MI sources
 .include	"${BOOTSRC}/loader.mk"
 CFLAGS+=	-I.

diff --git a/sys/boot/i386/zfsboot/Makefile b/sys/boot/i386/zfsboot/Makefile
@@ -1,6 +1,6 @@
 # $FreeBSD$
 
-LOADER_GELI_SUPPORT=no
+HAVE_GELI=yes
 
 .include <bsd.init.mk>
 
@@ -60,7 +60,7 @@ zfsldr.out: zfsldr.o
 	${LD} ${LD_FLAGS} -e start -Ttext ${ORG1} -o ${.TARGET} zfsldr.o
 
 CLEANFILES+=	zfsboot2 zfsboot.ld zfsboot.ldr zfsboot.bin zfsboot.out \
-		zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o util.o
+		zfsboot.o zfsboot.s zfsboot.s.tmp sio.o cons.o drv.o
 
 # We currently allow 128k bytes for zfsboot - in practice it could be
 # any size up to 3.5Mb but keeping it fixed size simplifies zfsldr.
@@ -82,8 +82,8 @@ zfsboot.ldr:
 zfsboot.bin: zfsboot.out
 	${OBJCOPY} -S -O binary zfsboot.out ${.TARGET}
 
-zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o util.o
-	${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBSA32}
+zfsboot.out: ${BTXCRT} zfsboot.o sio.o drv.o cons.o
+	${LD} ${LD_FLAGS} -Ttext ${ORG2} -o ${.TARGET} ${.ALLSRC} ${LIBZFSBOOT} ${LIBGELIBOOT} ${LIBSA32}
 
 SRCS=	zfsboot.c
 

diff --git a/sys/boot/i386/zfsloader/Makefile b/sys/boot/i386/zfsloader/Makefile
@@ -5,6 +5,5 @@ NEWVERSWHAT=	"ZFS enabled bootstrap loader" x86
 LOADER_ONLY=	yes
 HAVE_ZFS=	yes
 
-.include <bsd.init.mk>
-.include "${BOOTSRC}/i386/loader/Makefile"
+.include "${.CURDIR}/../loader/Makefile"
 
diff --git a/sys/boot/sparc64/loader/Makefile b/sys/boot/sparc64/loader/Makefile
@@ -22,6 +22,7 @@ VERSION_FILE=	${.CURDIR}/../loader/version
 INSTALLFLAGS=	-b
 
 # Architecture-specific loader code
+.PATH:		${BOOTSRC}/sparc64/loader
 SRCS=		locore.S main.c metadata.c vers.c
 
 .if ${LOADER_DEBUG} == "yes"

diff --git a/sys/boot/sparc64/zfsloader/Makefile b/sys/boot/sparc64/zfsloader/Makefile
@@ -1,7 +1,5 @@
 # $FreeBSD$
 
-.PATH: ${.CURDIR}/../loader
-
 PROG=		zfsloader
 NEWVERSWHAT=	"ZFS enabled bootstrap loader" sparc64
 HAVE_ZFS=	yes

diff --git a/tools/boot/universe.sh b/tools/boot/universe.sh
@@ -63,7 +63,7 @@ for i in \
 	sparc64/sparc64 \
 	; do
     ta=${i##*/}
-    dobuild $ta _.boot.${ta}.noZFS.log "MK_ZFS=no"
+    dobuild $ta _.boot.${ta}.no_zfs.log "MK_ZFS=no"
 done
 
 # Build with firewire
@@ -74,3 +74,12 @@ for i in \
     ta=${i##*/}
     dobuild $ta _.boot.${ta}.firewire.log "MK_LOADER_FIREWIRE=yes"
 done
+
+# Build without GELI
+for i in \
+	amd64/amd64 \
+	i386/i386 \
+	; do
+    ta=${i##*/}
+    dobuild $ta _.boot.${ta}.no_geli.log "MK_LOADER_GELI=no"
+done
diff --git a/tools/build/options/WITHOUT_LOADER_GEIL b/tools/build/options/WITHOUT_LOADER_GEIL
@@ -0,0 +1,2 @@
+.\" $FreeBSD$
+Disable inclusion of GELI crypto support in the boot chain binaries.