# Why does FreeBSD-SA-17:04.ipfilter update /boot/loader.efi?



## FStl (Apr 27, 2017)

I ran freebsd-update for the FreeBSD-SA-17:04.ipfilter update and noticed that /boot/loader.efi was also one of the files that was updated. I don't understand how an ipfilter patch also requires changes to a boot loader file.


----------



## FStl (Apr 28, 2017)

I would really appreciate it if someone can tell me what is going on here.

If someone updated their FreeBSD source with svn, this is what would change for them: https://svnweb.freebsd.org/base?view=revision&revision=317487

So why are binary updates with freebsd-update getting an update for the boot loader? Is it just me? Paranoia?


----------



## SirDice (Apr 28, 2017)

FStl said:


> I don't understand how an ipfilter patch also requires changes to a boot loader file.



loader.efi is what actually loads the kernel. I'm not sure but the reason it was updated may be due to Secure Boot.


----------



## drhowarddrfine (Apr 28, 2017)

SirDice said:


> may be due to Secure Boot.


Microsoft ruins everything. All bow to the will of Microsoft.


----------



## gkontos (Apr 28, 2017)

getopt said:


> That's not sufficient. It's a hypothesis only.



Wars have begun upon a hypothesis only.


----------



## gkontos (Apr 28, 2017)

getopt, as you can understand, I am trolling.

I feel very sarcastic today because after many years I had to install Windows in order to connect to a VMware ESXi host.


----------



## getopt (Apr 28, 2017)

gkontos said:


> I feel very sarcastic today because after many years I had to install Windows


Even in IT-business there should be something like dirt money.
Don't forget to charge a satisfying surcharge.


----------



## FStl (Apr 28, 2017)

SirDice said:


> loader.efi is what actually loads the kernel. I'm not sure but the reason it was updated may be due to Secure Boot.



Even if that is the reason, why is it only delivered via freebsd-update? Why is it not reflected in the svn revision?


----------



## ondra_knezour (Apr 28, 2017)

FStl said:


> Even if that is the reason, why is it only delivered via freebsd-update? Why is it not reflected in the svn revision?


Just speculation adding to previous speculation - because source code doesn't change at all, only hashes of the loaded binaries which are not known until the build phase, when they may be inserted into the loader binary?


----------

