Discussion:
Maintaining modified binary kernel config
Parodper
2021-05-29 17:03:06 UTC
Permalink
So I've got an old single-core computer that can't boot with radeondrm
enabled. I checked and if I disable it from the boot prompt there are no
problems, but it doesn't persist between reboots.

After checking the man pages I found the config(8) tool, which seemed to
solve my problem. Using the example on the man page I did

# config -e -o bsd.new /bsd
ukc> disable radeondrm
ukc> quit
# mv bsd.new /bsd

But that only lasts for one reboot (I think on some cases not even
that). After that the next reboots have the same problem. Any tips to
make the changes permanent?

Another related question: what is the bsd.booted kernel for? Should I
also modify that one?
Marcus MERIGHI
2021-05-29 17:35:17 UTC
Permalink
Post by Parodper
# config -e -o bsd.new /bsd
ukc> disable radeondrm
ukc> quit
# mv bsd.new /bsd
But that only lasts for one reboot (I think on some cases not even
that). After that the next reboots have the same problem. Any tips to
make the changes permanent?
someone more knowledgeable than me once upon a time said:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
$ cat /etc/rc.shutdown
printf 'disable ulpt\nq\n' | config -ef /bsd
sha256 /bsd >/var/db/kernel.SHA256
(Antoine Jacoutot <ajacoutot-at-bsdfrog-dot-org> 19 Mar 2020 ***@openbsd.org)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

and:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
After boot, the kernel is relinked in a random order in the background
("/usr/libexec/reorder_kernel &" in /etc/rc). This is done so that
there will be a different memory layout on different boots, making
it harder to carry out types of attack that rely on knowing where
things are in the kernel.
[...]
You can disable the reordering by removing /var/db/kernel.SHA256
but be aware that syspatch relies on the reorder_kernel mechanism in
order to apply kernel patches. So if you do this and need to apply
such patches, re-enable it temporarily before running syspatch:
"sha256 -h /var/db/kernel.SHA256 /bsd" - stop any unnecessary
processes - then run syspatch. After syspatch has finished
you can remove kernel.SHA256 again before rebooting.
(Stuart Henderson <stu-at-spacehopper-dot-org> 2 Oct 2019 ***@openbsd.org)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Hope this helps you in your quest...

Marcus

Loading...