mirror of
https://github.com/freebsd/freebsd-src.git
synced 2024-11-30 08:43:23 +00:00
loader: Document that WITH_BEARSSL may need other tweaks
/boot/loader is right up aginst the 500k limit we have to make sure everything works in a wide variety of environments. However, adding WITH_BEARSSL can push it over the edge since we are so close to the limit with it enabled. One may also need to increase LOADERSIZE when enabling it. It's often safe to go much higher, especially when you don't plan on using pxeldr. Document this trade off here. MFC After: 3 days Sponsored by: Netflix Reviewed by: sjg, markj Differential Revision: https://reviews.freebsd.org/D46211
This commit is contained in:
parent
093d9b46f4
commit
7ee781e2bf
@ -8,3 +8,22 @@ This library is currently only used to perform
|
|||||||
signature verification and related operations
|
signature verification and related operations
|
||||||
for Verified Exec and
|
for Verified Exec and
|
||||||
.Xr loader 8 .
|
.Xr loader 8 .
|
||||||
|
.Pp
|
||||||
|
Due to size constraints, one may need to set
|
||||||
|
.Va LOADERSIZE
|
||||||
|
larger than the
|
||||||
|
default 500000, although often loader is under the 500k limit even with
|
||||||
|
this option.
|
||||||
|
Setting
|
||||||
|
.Va LOADERSIZE
|
||||||
|
larger than 500000 may cause
|
||||||
|
.Xr pxeboot 8
|
||||||
|
to be too large to work.
|
||||||
|
Careful testing of the loader in the target environment when built with a larger
|
||||||
|
limit to establish safe limits is critical because different BIOS environments
|
||||||
|
reserve differing amounts of the low 640k space, making a precise limit for
|
||||||
|
everybody impossible.
|
||||||
|
.Pp
|
||||||
|
See also
|
||||||
|
.Va WITH_LOADER_PXEBOOT
|
||||||
|
for other considerations.
|
||||||
|
@ -4,3 +4,5 @@ with support for verification similar to Verified Exec.
|
|||||||
.Pp
|
.Pp
|
||||||
Depends on
|
Depends on
|
||||||
.Va WITH_BEARSSL .
|
.Va WITH_BEARSSL .
|
||||||
|
May require a larger
|
||||||
|
.Va LOADERSIZE .
|
||||||
|
Loading…
Reference in New Issue
Block a user