On Thu, Aug 28, 2025 at 12:20:56AM +0900, Tomoaki AOKI wrote: > > > > > > Question: is there any concept to get some proper version > > > > > > information > > > > > > into these binaries, from which then some identity and the commit > > > > > > tag > > > > > > could be retrieved from which they were created? > > > > We used to encode the date the loader was built. Reproducible builds > > stopped that. > > Can't git hash (full or first 12 digits, possibly plus n**** number, > too) like in kernel help the situation? Yes, it shouldn't be suitable > for legacy bootcodes (wastes of bytes!), though.
Really I don't care if the data is embedded in the bootcode. I understand it may be in a difficult format with limited space. I'm not building my own here. I just want to be able to find out what I have vs what was shipped. I would expect that the OS distribution tools (freebsd-upgrade) can verify the files I have installed, including the boot loader it is shipping into /boot. I'd like to be able to compare the checksums of bootloaders I have from EFI against a table of checksums of the same files across authentic distributions. Even if it was just a text file in /var that freebsd-update uses or I could grep. I was disappointed that "freebsd-upgrade IDS" never mentioned files in /boot. I must manually update the bootloader when I upgrade FreeBSD. If I mess up, or lose track, I need a way to find out what I have in EFI against files shipped with FreeBSD. ------------------------------------------------------------------ Russell Adams [email protected] Principal Consultant Adams Systems Consultancy https://adamssystems.nl/
