On Wed, 27 Aug 2025 14:25:40 -0700 "Edward Sanford Sutton, III" <mirror...@hotmail.com> wrote:
> On 8/27/25 08:37, Russell Adams wrote: > > On Thu, Aug 28, 2025 at 12:20:56AM +0900, Tomoaki AOKI wrote: > >>>>>>> Question: is there any concept to get some proper version information > >>>>>>> into these binaries, from which then some identity and the commit tag > >>>>>>> could be retrieved from which they were created? > >>> > >>> We used to encode the date the loader was built. Reproducible builds > >>> stopped that. > >> > >> Can't git hash (full or first 12 digits, possibly plus n**** number, > >> too) like in kernel help the situation? Yes, it shouldn't be suitable > >> for legacy bootcodes (wastes of bytes!), though. > > > > Really I don't care if the data is embedded in the bootcode. I > > understand it may be in a difficult format with limited space. > > > > I'm not building my own here. I just want to be able to find out what > > I have vs what was shipped. > > > > I would expect that the OS distribution tools (freebsd-upgrade) can > > verify the files I have installed, including the boot loader it is > > shipping into /boot. > > My understanding is freebsd-update leaves all boot loaders alone. > Having new ZFS code didn't break booting but upgrading a ZFS pool breaks > boot access to the pool without a corresponding boot loader update. That > was not just an EFI issue. > I forget where but recall someone wrote a script to try to detect a > difference and replace (or give instructions?) if different but it > didn't know what version anything is either. My attempt at writing a > check in my source based update scripts hasn't been correct yet but > again it was a non-version based difference check. Maybe this one? https://www.freshports.org/sysutils/loaders-update It was discussed here at the beginning. https://forums.freebsd.org/threads/utility-that-tries-to-figure-how-to-update-the-freebsd-loaders.94237/ Would NOT be covering 100% of possible configurations, though. > > I'd like to be able to compare the checksums of bootloaders I have > > from EFI against a table of checksums of the same files across > > authentic distributions. Even if it was just a text file in /var that > > freebsd-update uses or I could grep. I was disappointed that > > "freebsd-upgrade IDS" never mentioned files in /boot. > > > > I must manually update the bootloader when I upgrade FreeBSD. If I > > mess up, or lose track, I need a way to find out what I have in EFI > > against files shipped with FreeBSD. > > > > ------------------------------------------------------------------ > > Russell Adams russell.ad...@adamssystems.nl > > Principal Consultant Adams Systems Consultancy -- Tomoaki AOKI <junch...@dec.sakura.ne.jp>
