Add MK_SOURCELESS build option. Setting MK_SOURCELESS to "no" will disable

kernel modules that include binary-only code.

More fine-grained control is provided via MK_SOURCELESS_HOST (for native code
that runs on host CPU) and MK_SOURCELESS_UCODE (for microcode).

Reviewed by:	julian, delphij, freebsd-arch
Approved by:	kib (mentor)
MFC after:	2 weeks

share/mk/bsd.own.mk

@@ -320,6 +320,9 @@ __DEFAULT_YES_OPTIONS = \
     BOOT \
     BSD_CPIO \
     BSNMP \
+    SOURCELESS \
+    SOURCELESS_HOST \
+    SOURCELESS_UCODE \
     BZIP2 \
     CALENDAR \
     CAPSICUM \
@@ -511,6 +514,11 @@ MK_BIND_UTILS:=	no
 MK_BIND_ETC:=	no
 .endif
 
+.if ${MK_SOURCELESS} == "no"
+MK_SOURCELESS_HOST:=	no
+MK_SOURCELESS_UCODE:= no
+.endif
+
 .if ${MK_CDDL} == "no"
 MK_ZFS:=	no
 MK_CTF:=	no

sys/amd64/conf/WITHOUT_SOURCELESS

@@ -0,0 +1,7 @@
+#
+# WITHOUT_SOURCELESS -- Disable drivers that include sourceless code.
+#
+# $FreeBSD$
+
+include WITHOUT_SOURCELESS_HOST
+include WITHOUT_SOURCELESS_UCODE

sys/amd64/conf/WITHOUT_SOURCELESS_HOST

@@ -0,0 +1,10 @@
+#
+# WITHOUT_SOURCELESS_UCODE -- Disable drivers that include sourceless
+# native code for host CPU.
+#
+# $FreeBSD$
+
+nodevice	hpt27xx
+nodevice	hptmv
+nodevice	hptrr
+nodevice	nve

sys/amd64/conf/WITHOUT_SOURCELESS_UCODE

@@ -0,0 +1,40 @@
+#
+# WITHOUT_SOURCELESS_UCODE -- Disable drivers that include sourceless
+# microcode.
+#
+# $FreeBSD$
+
+nodevice	bce
+nodevice	fatm
+nodevice	fxp
+nodevice	ispfw
+nodevice	mwlfw
+nodevice	ralfw
+nodevice	runfw
+nodevice	sf
+nodevice	sn
+nodevice	ti
+nodevice	txp
+nodevice	ce
+nodevice	cp
+nodevice	ctau
+nodevice	ipwfw
+nodevice	iwifw
+nodevice	iwnfw
+nodevice	wpifw
+
+# drm
+nodevice	mga
+nodevice	r128
+nodevice	radeon
+
+# sound
+nodevice	csa
+nodevice	ds1
+nodevice	maestro3
+
+# usb
+nodevice	rum
+nodevice	uath
+nodevice	zyd
+nodevice	kue

sys/i386/conf/WITHOUT_SOURCELESS

@@ -0,0 +1,7 @@
+#
+# WITHOUT_SOURCELESS -- Disable drivers that include sourceless code.
+#
+# $FreeBSD$
+
+include WITHOUT_SOURCELESS_HOST
+include WITHOUT_SOURCELESS_UCODE

sys/i386/conf/WITHOUT_SOURCELESS_HOST

@@ -0,0 +1,10 @@
+#
+# WITHOUT_SOURCELESS_UCODE -- Disable drivers that include sourceless
+# native code for host CPU.
+#
+# $FreeBSD$
+
+nodevice	hpt27xx
+nodevice	hptmv
+nodevice	hptrr
+nodevice	nve

sys/i386/conf/WITHOUT_SOURCELESS_UCODE

@@ -0,0 +1,40 @@
+#
+# WITHOUT_SOURCELESS_UCODE -- Disable drivers that include sourceless
+# microcode.
+#
+# $FreeBSD$
+
+nodevice	bce
+nodevice	fatm
+nodevice	fxp
+nodevice	ispfw
+nodevice	mwlfw
+nodevice	ralfw
+nodevice	runfw
+nodevice	sf
+nodevice	sn
+nodevice	ti
+nodevice	txp
+nodevice	ce
+nodevice	cp
+nodevice	ctau
+nodevice	ipwfw
+nodevice	iwifw
+nodevice	iwnfw
+nodevice	wpifw
+
+# drm
+nodevice	mga
+nodevice	r128
+nodevice	radeon
+
+# sound
+nodevice	csa
+nodevice	ds1
+nodevice	maestro3
+
+# usb
+nodevice	rum
+nodevice	uath
+nodevice	zyd
+nodevice	kue

sys/modules/Makefile

@@ -2,6 +2,9 @@
 
 .include <bsd.own.mk>
 
+# Modules that include binary-only blobs of microcode should be selectable by
+# MK_SOURCELESS_UCODE option (see below).
+
 SUBDIR=	${_3dfx} \
 	${_3dfx_linux} \
 	${_aac} \
@@ -36,7 +39,7 @@ SUBDIR=	${_3dfx} \
 	ath \
 	ath_pci \
 	${_auxio} \
-	bce \
+	${_bce} \
 	bfe \
 	bge \
 	${_bxe} \
@@ -95,13 +98,13 @@ SUBDIR=	${_3dfx} \
 	${_ex} \
 	${_exca} \
 	${_ext2fs} \
-	fatm \
+	${_fatm} \
 	fdc \
 	fdescfs \
 	${_fe} \
 	firewire \
 	firmware \
-	fxp \
+	${_fxp} \
 	gem \
 	geom \
 	${_glxiic} \
@@ -148,7 +151,7 @@ SUBDIR=	${_3dfx} \
 	${_isci} \
 	iscsi \
 	isp \
-	ispfw \
+	${_ispfw} \
 	${_iwi} \
 	${_iwifw} \
 	${_iwn} \
@@ -209,7 +212,7 @@ SUBDIR=	${_3dfx} \
 	${_mthca} \
 	mvs \
 	mwl \
-	mwlfw \
+	${_mwlfw} \
 	mxge \
 	my \
 	${_ncp} \
@@ -259,14 +262,14 @@ SUBDIR=	${_3dfx} \
 	puc \
 	${_qlxgb} \
 	ral \
-	ralfw \
+	${_ralfw} \
 	${_random} \
 	rc4 \
 	${_rdma} \
 	re \
 	reiserfs \
 	rl \
-	runfw \
+	${_runfw} \
 	${_s3} \
 	${_safe} \
 	${_sbni} \
@@ -276,7 +279,7 @@ SUBDIR=	${_3dfx} \
 	sdhci \
 	sem \
 	send \
-	sf \
+	${_sf} \
 	${_sfxge} \
 	sge \
 	siba_bwn \
@@ -285,7 +288,7 @@ SUBDIR=	${_3dfx} \
 	sis \
 	sk \
 	${_smbfs} \
-	sn \
+	${_sn} \
 	${_snc} \
 	snp \
 	${_sound} \
@@ -300,7 +303,7 @@ SUBDIR=	${_3dfx} \
 	${_sym} \
 	${_syscons} \
 	sysvipc \
-	ti \
+	${_ti} \
 	tl \
 	tmpfs \
 	${_tpm} \
@@ -309,7 +312,7 @@ SUBDIR=	${_3dfx} \
 	twe \
 	tws \
 	tx \
-	txp \
+	${_txp} \
 	uart \
 	ubsec \
 	udf \
@@ -358,8 +361,10 @@ _vpo=		vpo
 # No barrier instruction support (specific to this driver)
 _sym=		sym
 # intr_disable() is a macro, causes problems
+.if ${MK_SOURCELESS_UCODE} != "no"
 _cxgb=		cxgb
 .endif
+.endif
 
 .if ${MK_CRYPT} != "no" || defined(ALL_MODULES)
 .if exists(${.CURDIR}/../opencrypto)
@@ -402,6 +407,20 @@ _pfsync=	pfsync
 .endif
 .endif
 
+.if ${MK_SOURCELESS_UCODE} != "no"
+_bce=		bce
+_fatm=		fatm
+_fxp=		fxp
+_ispfw=		ispfw
+_mwlfw=		mwlfw
+_ralfw=		ralfw
+_runfw=		runfw
+_sf=		sf
+_sn=		sn
+_ti=		ti
+_txp=		txp
+.endif
+
 .if ${MACHINE_CPUARCH} == "i386"
 # XXX some of these can move to the general case when de-i386'ed
 # XXX some of these can move now, but are untested on other architectures.
@@ -417,9 +436,13 @@ _bktr=		bktr
 _bxe=		bxe
 _cardbus=	cardbus
 _cbb=		cbb
+.if ${MK_SOURCELESS_UCODE} != "no"
 _ce=		ce
+.endif
 _coff=		coff
+.if ${MK_SOURCELESS_UCODE} != "no"
 _cp=		cp
+.endif
 _cpuctl=	cpuctl
 _cpufreq=	cpufreq
 _cs=		cs
@@ -508,36 +531,52 @@ _ciss=		ciss
 _cm=		cm
 _cmx=		cmx
 _coretemp=	coretemp
+.if ${MK_SOURCELESS_UCODE} != "no"
 _ctau=		ctau
+.endif
 _dpt=		dpt
 _ex=		ex
+.if ${MK_SOURCELESS_HOST} != "no"
 _hpt27xx=	hpt27xx
+.endif
 _hptiop=	hptiop
+.if ${MK_SOURCELESS_HOST} != "no"
 _hptmv=		hptmv
 _hptrr=		hptrr
+.endif
 _ichwd=		ichwd
 _ida=		ida
 _iir=		iir
 _ipmi=		ipmi
 _ips=		ips
 _ipw=		ipw
+.if ${MK_SOURCELESS_UCODE} != "no"
 _ipwfw=		ipwfw
+.endif
 _isci=		isci
 _iwi=		iwi
+.if ${MK_SOURCELESS_UCODE} != "no"
 _iwifw=		iwifw
+.endif
 _iwn=		iwn
+.if ${MK_SOURCELESS_UCODE} != "no"
 _iwnfw=		iwnfw
+.endif
 _ixgb=		ixgb
 _ixgbe=		ixgbe
 _mly=		mly
 _nfe=		nfe
+.if ${MK_SOURCELESS_HOST} != "no"
 _nve=		nve
+.endif
 _nvram=		nvram
 _nxge=		nxge
 _tpm=		tpm
 _viawd=		viawd
 _wpi=		wpi
+.if ${MK_SOURCELESS_UCODE} != "no"
 _wpifw=		wpifw
+.endif
 .if ${MK_CRYPT} != "no" || defined(ALL_MODULES)
 _padlock=	padlock
 .endif
@@ -589,10 +628,14 @@ _et=		et
 _em=		em
 _exca=		exca
 _ext2fs=	ext2fs
+.if ${MK_SOURCELESS_HOST} != "no"
 _hpt27xx=	hpt27xx
+.endif
 _hptiop=	hptiop
+.if ${MK_SOURCELESS_HOST} != "no"
 _hptmv=		hptmv
 _hptrr=		hptrr
+.endif
 _i2c=		i2c
 _ichwd=		ichwd
 _ida=		ida
@@ -603,12 +646,18 @@ _io=		io
 _ipmi=		ipmi
 _ips=		ips
 _ipw=		ipw
+.if ${MK_SOURCELESS_UCODE} != "no"
 _ipwfw=		ipwfw
+.endif
 _isci=		isci
 _iwi=		iwi
+.if ${MK_SOURCELESS_UCODE} != "no"
 _iwifw=		iwifw
+.endif
 _iwn=		iwn
+.if ${MK_SOURCELESS_UCODE} != "no"
 _iwnfw=		iwnfw
+.endif
 _ixgb=		ixgb
 _ixgbe=		ixgbe
 _lindev=	lindev
@@ -624,7 +673,9 @@ _mthca=		mthca
 .endif
 _ndis=		ndis
 _nfe=		nfe
+.if ${MK_SOURCELESS_HOST} != "no"
 _nve=		nve
+.endif
 _nvram=		nvram
 _nxge=		nxge
 .if ${MK_CDDL} != "no" || defined(ALL_MODULES)
@@ -654,7 +705,9 @@ _vxge=  	vxge
 _x86bios=	x86bios
 _wi=		wi
 _wpi=		wpi
+.if ${MK_SOURCELESS_UCODE} != "no"
 _wpifw=		wpifw
+.endif
 .if ${MK_ZFS} != "no" || defined(ALL_MODULES)
 _zfs=		zfs
 .endif

sys/modules/drm/Makefile

@@ -1,15 +1,26 @@
 # $FreeBSD$
 
+.include <bsd.own.mk>
+
+# Modules that include binary-only blobs of microcode should be selectable by
+# MK_SOURCELESS_UCODE option (see below).
+
 SUBDIR = \
 	drm \
 	i915 \
 	mach64 \
-	mga \
-	r128 \
-	radeon \
+	${_mga} \
+	${_r128} \
+	${_radeon} \
 	savage \
 	sis \
 	tdfx \
 	via
 
+.if ${MK_SOURCELESS_UCODE} != "no"
+_mga=		mga
+_r128=		r128
+_radeon=	radeon
+.endif
+
 .include <bsd.subdir.mk>

sys/modules/sound/driver/Makefile

@@ -1,10 +1,21 @@
 # $FreeBSD$
 
-SUBDIR=		ad1816 als4000 atiixp cs4281 csa ds1 emu10k1 emu10kx
-SUBDIR+=	envy24 envy24ht es137x ess fm801 hda ich maestro maestro3
+.include <bsd.own.mk>
+
+# Modules that include binary-only blobs of microcode should be selectable by
+# MK_SOURCELESS_UCODE option (see below).
+
+SUBDIR=		ad1816 als4000 atiixp cs4281 ${_csa} ${_ds1} emu10k1 emu10kx
+SUBDIR+=	envy24 envy24ht es137x ess fm801 hda ich maestro ${_maestro3}
 SUBDIR+=	neomagic sb16 sb8 sbc solo spicds t4dwave via8233
 SUBDIR+=	via82c686 vibes driver uaudio
 
+.if ${MK_SOURCELESS_UCODE} != "no"
+_csa=		csa
+_ds1=		ds1
+_maestro3=	maestro3
+.endif
+
 .if ${MACHINE_CPUARCH} == "i386" || ${MACHINE_CPUARCH} == "amd64"
 SUBDIR+=	cmi mss
 .endif

sys/modules/usb/Makefile

@@ -25,16 +25,28 @@
 # SUCH DAMAGE.
 #
 
+.include <bsd.own.mk>
+
+# Modules that include binary-only blobs of microcode should be selectable by
+# MK_SOURCELESS_UCODE option (see below).
+
 SUBDIR = usb
 SUBDIR += ehci musb ohci uhci xhci uss820dci ${_at91dci} ${_atmegadci} ${_avr32dci}
-SUBDIR += rum run uath upgt usie ural zyd ${_urtw}
+SUBDIR += ${_rum} run ${_uath} upgt usie ural ${_zyd} ${_urtw}
 SUBDIR += atp uhid ukbd ums udbp ufm uep
 SUBDIR += ucom u3g uark ubsa ubser uchcom ucycom ufoma uftdi ugensa uipaq ulpt \
 	  umct umcs umodem umoscom uplcom uslcom uvisor uvscom
-SUBDIR += uether aue axe cdce cue kue mos rue udav uhso ipheth
+SUBDIR += uether aue axe cdce cue ${_kue} mos rue udav uhso ipheth
 SUBDIR += usfs umass urio
 SUBDIR += quirk template
 
+.if ${MK_SOURCELESS_UCODE} != "no"
+_rum=		rum
+_uath=		uath
+_zyd=		zyd
+_kue=		kue
+.endif
+
 .if ${MACHINE_CPUARCH} == "amd64"
 _urtw=		urtw
 .endif

tools/build/options/WITHOUT_SOURCELESS

@@ -0,0 +1,2 @@
+.\" $FreeBSD$
+Set to not build kernel modules that include sourceless code (either microcode or native code for host CPU).

tools/build/options/WITHOUT_SOURCELESS_HOST

@@ -0,0 +1,2 @@
+.\" $FreeBSD$
+Set to not build kernel modules that include sourceless native code for host CPU.

tools/build/options/WITHOUT_SOURCELESS_UCODE

@@ -0,0 +1,2 @@
+.\" $FreeBSD$
+Set to not build kernel modules that include sourceless microcode.