be-back

i just install FreeBSD 13.2 on virt-manager with bios. i would like how activate framebuffer dkms or kms for have full screen and litle font view on my VM. thank

though I have found nothing documented- theres gonna be a way too boot an encrypted zfs root, right?

load the kernel from EFI or other unencrypted 'boot'partition perhaps?

why are we stuck with this ancient zfs efi driver based on grub from like 2004?

huh?

theres no one in the whole world who can build EFI drivers from a recent openzfs codebase?

im so confused

you can currently boot from a partition encrypted using GELI, but not one using zfs native encryption

loader[.efi] already has code from the same openzfs version as the kernel

(but not the support for encryption)

hm, so then loader.efi should be able to boot the kernel and decrypt the root zpool or dataser?

somehow?

ah

not if the kernel is on the encrypted pool

can the kernel be put on the uefi partition?

in theory, yes (though you'd have to put the zfs module there too, plus any other modules that need loading before boot)

i thought there should be a way

it's not something the installer will do for you, but it's a setup I've experimented with in the past

but nothing documented?

i am not at all familiar with the fbsd boot process

I can't actually recall what I did

oh nice. i went with "shell" at the installer and created a zpool/BSD dataset that is encrypted and installed to that, plus a have an unencrypted ZFS boot partition with all the features off for grub to work

the boot process on EFI is straightforward: loader.efi is responsible for finding /boot/ (to get loader.conf, the kernel, etc.), processing loader.conf, and running the kernel

but im not sure how to get it to boot

encrypted how?

native zfs

freebsd doesnt use an initrd ,right?

and im guessing theres no way to build something like a linux UKI?

loader.efi supports doing a whole lot of things

I'm pretty sure I got it to boot from an image file on the ESP, but I don't have the details handy

where can i find a copy of the loader.efi dark magik book?

hm

image file? like an mfsroot?

let me see if I still have it kicking around somewhere

seems not

so loader has the concept of a vdisk, which can be any file that it can access via any of the filesystems it can read

and which is treated as a device in itself

so that can be a file on the ESP for example

what I was aiming for when I looked at this was to see whether it was possible to make a "rescue" filesystem on the ESP

hm. interesting. ill look. any links you may have woudl be helpful

Happy Canada Day! <wherever applicable>

happy birthday, leibniz

hi, is possible to disable ASLR for only one binary or jail? I would like to make this working: cc -fsanitize=address ...

pvalenta: try 'proccontrol -m aslr -s disable your-command'

yuripv, great, thanks!

pvalenta, yuripv: see also, man.freebsd.org/elfctl(1)

Title: elfctl(1)

maybe those two man pages need to crosslink to each other

the interesting is: binary compiled by cc -fsanitize=addres works but clang -fsanitize=addres does not. cc is from base, clang from ports. Clang compiler from base has probably some tweaks

meena, another useful tool, thanks

pvalenta: for probably quite sensible reasons none of which i remember, the sanitise framework is not in base

i am trying efibootmgr -a -c -l pathtoloader.efi -L Freebsd in chroot but it says efi variables not supported on this system. root? kldload efirt? kldload: cant load efirt: module already loaded or in kernel.

if already loaded why i cant add bootentry then?

tyler82 if you run kenv | grep efi-version what it does tell?

tsoome: 2.31

so, it may not provide the variables... you can try another thing, what does efivar command show?

Title: Pasteboard - Uploaded Image

tsoome: efivar: no such file or directory

or efi-show from loader OK prompt. but it seems, there are no variables... have you checked for firmware update for this machine?

tsoome: yes. it was okay before i deleted the boot entry in BIOS

so it can be some sort of firmware bug.

can you re-add it from frmware?

i dont know how to add it? it is a chrooted system

do i have to bind mount sys or something??

tsoome: its work now. efivar command now listing the files. i just needed mount -t devfs none /dev in chroot.

but efibootmgr still does not work

Title: Pasteboard - Uploaded Image

meena, i have tried dereference pointer after free and error is reported so i thing sanitizer is in base: ==7049==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000070 ...

pasteboard.co/4Z4HXMYoSPV1.jpg operation not permitted. boot partition is mounted before chroot.

Title: Pasteboard - Uploaded Image

pvalenta: weird

tyler82: can you put that gpart call under (d)truss?

meena: wdym?

tyler82: I'm wondering why the operation failed with permission denied, and naïvely hoping (d)truss will be able to tell

devel/ccache-memcached just got removed. What should I replace it with?

Schamschula: something that has upstream support?

For sure! I'm just not to familiar with these packages. Just using them as part of the Poudriere infrastructure.

I see devel/ccache4, it conflicts with my currently installed tools but it's unclear if it works the same way.

Schamschula: i didn't realise that poudriere references it directly

let me hit up the committer who removed it, and ask them to fix up poudriere.conf, too

(done)

Schamschula: i reckon you can probably replace it with any other ccache, but don't quote me on that, because I'm not using any

I'll give ccache4 a try

Any recs on a VPS provider for very small stuff? I really like Vultr, but I want to put some eggs in other baskets. DO dropped official FreeBSD support, so not them.

No interest in AWS or Google. Also tried Ramnode, and... meh.

ovh maybe?

oracle cloud has arm64 free tier

hmmm... that's interesting.

I tried Google's "free" tier but somehow have ended up at $9/month. Too AWS-like anyhow.

i run there a 13.2-RELEASE vm

can't wait until we run on Hetzner's arm64 cloud. it's about half the price of their amd64 stuff

(and also poudriere jobs)

meena: hetzner left bitter taste in my mouth since they dropped freebsd support

although i run tens of freebsd servers there

otis: still hoping my project more projects to readopt FreeBSD

Hetzner dropped FreeBSD support? That one was on my shortlist. *removes*

V_PauAmma_V: for the servers. the cloud stuff still allows installing it, but it takes two steps

Thanks.

and lots of people are able to bootstrap FreeBSD on the servers, too. with mfBSD and depenguinator and stuff like that, but it sucks that we need to do extra work

meena: i think it is geom issue...

mfsBSD is awesome though

If Hztzner "supports" FreeBSD by making customers jump through the depenguinator hoop, there's no advantage for me in moving from Linode.

s/Hz/He/

at least on cloud thing they give you the ISOs to mount and install stuff, but yeah, that still stinks

hoping by the next cloud-init release to support enough to bug them into readopting it

*nod*

on servers you can install it using mfsbsd or a usb flash drive

but no longer directly using installimage

anyway, their price-performance for bare-metal is unbeatable.

spork_css: you can get some free vms that run freebsd on oracle cloud

right. i really need to put that in as standard test

I created an AWS account, but the standard images don't boot on the free Tier

(yet, fix is already committed)

Title: FreeBSD / src / bcf9147 / EC2: Default to "uefi-preferred" boot mode - FreshBSD

how can i boot into the system if i have no boot entry in BIOS? i was failed to add new boot entry with efibootmgr. i have 12 partitions on my ssd only one partition is zfs. the boot partition is fat but if i write the bootcode on it i will be unable to mount it and therefore unable to create a new boot entry with efibootmgr.

and freshbsd.org/freebsd/src/commit/117…cf46604c54e2661284af17452c4db6b2f6f

Title: FreeBSD / src / 1178acf / EC2: Default to "uefi-preferred" boot mode - FreshBSD

tyler82: do you mean the efi partition is fat?

meena: yep. i was created with newfs_msdos /dev/ada0p12

the system is zfs

on /dev/ada0p10

i am able to accesd it via other freebsd installation on external ssd and chroot into it. my aim is to create a boot entry and make it bootable again.

why does it need to be in chroot?

tyler82: you boot a life system, and tell that life system's efibootmanager to do its thing

meena: u mean live system? shell?

live System, yes, from Stick, or CD-ROM

meena: yes. i am on it but where to mount boot partition? under /rescue/boot ?

read-only filesystem

shouldn't really matter where you mount it to, if the tools can be convinced to write anywhere other than /boot

usually /mnt is what we use for temporary mounting

meena: yeah. but giving read-only filesystem error. i can mount it only under /tmp

but the zfs pool how shall i mount it? mount -t zfs does not work. shall i zpool import -f -d /dev ada0p10 ?

gpart bootcode -p operation not permitted

you'd Import it, put a temporary mount point to a different location

you shouldn't use gpart bootcode -p on EFI systems

see, if my brain was working i should have said this hours ago

RhodiumToad: You can if you set up both in parallel. I do that most of the time.

if you want both legacy boot and EFI, yes. but not for EFI only

and not if you want EFI boot management

hi, i think i talked about this before but decided now i actually do want to ask about it

anope silently segfaults for me on 13.1-RELEASE

as far as i can tell it's after linking to inspircd, and it gives absolutely no indication of error

would appreciate some direction about how to troubleshoot

is there a core dump?

let me see

(the message in /var/log/messages will say "killed by signal 11 (core dumped)" if so)

apparently not

there's a message that just says "... killed by signal 11" ?

pid 99493 (services), jid 0, uid 65534: exited on signal 11

if there's no corefile, it's time to *checks man.freebsd.org/core(5) * `sysctl kern.corefile`

Title: core(5)

there are three main reasons why a core dump might not be created:

1) the process is running with the corefile limit set to 0, 2) the process is setuid or has changed its uid or gid, and 3) the process's current dir is not writable by it

I got all three right! my brain is still good enough

65534 is uid "nobody". was the program started under that user or did it switch to it itself?

it was started as a service

that doesn't answer the question, but makes it easy to verify

ok, then what does the service startup script look like?

sorry, let me find where that is

(running programs as "nobody" is actually a bad idea. nonprivileged services should be assigned their own unique uids.)

ah i got it

the user is indeed set to nobody

how?

I'll just pastebin the full script, one sec

is this anope installed from ports, or manually?

pkg

it's from the actual repos, not ports

ports, pkg, same thing

alright, sorry

the pkg repos are just the results of building the ports tree

ok. so it's letting rc.subr change the user for it, which shouldn't prevent a core dump.

kern.sugid_coredump looks like what i want

is it?

so the most likely thing is it running in a directory it can't write to

yeah, setting ${name}_user (anope_user in this case) causes rc.subr to use either su or chroot to set the user before running the program

you can set sysctl kern.corefile=/var/tmp/%N.core or something of the sort to put the core file there

it...doesn't appear to do that still. hmmm

there we go!

thank you for help, let's see if i can figure out what the issue is now

Ok, so the bt shows #0 0x00000000002db839 in ChannelInfo::WhoSends() const () as the function where SIGSEGV was received

#1 0x000000080135d86b in ChanServCore::OnCheckModes(Reference<Channel>&) () from lib/modules/chanserv.so, and probably the rest is not that interesting

what are the registers and the failing instruction?

I'll pastebin those. Register content: bpa.st/JCCQK . I've never used layout asm before so I'll paste all of what I see and hope it started on the failing instruction, sorry. I think it's the top? bpa.st/KD2RK

Title: View paste JCCQK

ok, so this is a straightforward null pointer dereference

oh that 0x258(%rdi) is indirect addressing, right

and rdi contains 0

hrm ok

i guess I could try to build this with debug symbols and have a look how that gets there?

which debugger are you using?

i used gdb to get to this point

what's the output of disass ChannelInfo::WhoSends()

huh my bt is empty now

RhodiumToad: so what shall i use then? -p /boot/gptzfsboot -i 12 ada0 ?

let me figure that out...

tyler82: on an EFI system you should not be using gpart bootcode -p AT ALL

yeah, I'm not sure what happened because my entire bt is gone despite loading the core and the program the same way

exactly the same way? what did you do?

exited, changed directory

nothing else

using absolute paths on both

i'll paste the disassembly for where I currently am, anyway

Title: View paste 2BD6A

RhodiumToad: thats interesting. i was reading the man page and also searching on forum and found this. forums.freebsd.org/threads/update-o…he-bootcodes-for-a-gpt-scheme.80163 The first post says. -p /boot/gptzfsboot. So what shall i use for GPT UEFI then??

Title: Update of the bootcodes for a GPT scheme | The FreeBSD Forums

this appears to be the function you wanted, just can't see the bt anymore for reasons I don't really understand

oh, interesting, the directory matters

tyler82: the ESP is just an msdos filesystem. you don't use anything.

tyler82: all that matters is that there's a copy of loader.efi on the ESP and the EFI boot manager (or the EFI firmware) knows where to find it.

mewt: so, that looks like "this" in the function is NULL

mewt: (the source code is checking for that, but the compiler probably optimized that out since this isn't allowed to be null afaik)

RhodiumToad: i see. but i am hsving with this issue. bugs.freebsd.org/bugzilla/show_bug.cgi?id=229191#c2

huh alright

Title: 229191 – efibootmgr(8) fails to create boot var when ESP is mounted using a gpt label

cannot translate unix loader path

tyler82: what exact command did you run

so what is the correct way to write the bootcode then? -b will do MBR. But i have GPT UEFI

tyler82: You don't write it per se. You copy an .efi file into the right location.

mewt: so looking at ChanServCore::OnCheckModes, it's doing this:

tyler82: maybe cp /boot/loader.efi /boot/efi/efi/boot/bootx64.efi

mewt: if (c->ci) ... else c->SetModes(c->ci->WhoSends(), ...

tyler82: wiki.freebsd.org/UEFI might help explain what's going on

Title: UEFI - FreeBSD Wiki

mewt: so it's explicitly calling WhoSends on a null pointer, which I don't believe is legal C++

exciting!

mason: fuck. i see. but why everywhere mentioned this gpart bootcode -p then??

mewt: the code seems to be assuming that it just works and ends up in the method with "this" NULL, but the compiler seems to be eliding that tests

mquin: ok. thx.

gpart bootcode -p is for GPT with legacy boot

maintainer is not in here, I guess I can try and fix it and get a patch to submit?

patches are welcome everywhere :)

hehehehe

"egypcio", apparently

mewt: which version of anope are you using?

Anope-2.0.12 -- build #1, compiled 00:10:09 Apr 21 2023