Regenerate src.conf.5 for recent changes.

Updates include removal of DRM2 and addition of several options
related to secure booting.

1 files changed, 57 insertions, 5 deletions

diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5
index 4f004b6718c8..d425422dc106 100644
--- a/share/man/man5/src.conf.5
+++ b/share/man/man5/src.conf.5
@@ -1,6 +1,6 @@
 .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
 .\" $FreeBSD$
-.Dd February 15, 2019
+.Dd March 6, 2019
 .Dt SRC.CONF 5
 .Os
 .Sh NAME
@@ -137,6 +137,33 @@ This must be set in the environment, make command line, or
 .Pa /etc/src-env.conf ,
 not
 .Pa /etc/src.conf .
+.It Va WITH_BEARSSL
+Build the BearSSL library.
+.Pp
+BearSSL is a tiny SSL library suitable for embedded environments.
+For details see
+.Lk http://www.BearSSL.org/
+.Pp
+This library is currently only used to perform
+signature verification and related operations
+for Verified Exec and
+.Xr loader 8 .
+When set, these options are also in effect:
+.Pp
+.Bl -inset -compact
+.It Va WITH_LOADER_EFI_SECUREBOOT
+(unless
+.Va WITHOUT_LOADER_EFI_SECUREBOOT
+is set explicitly)
+.It Va WITH_LOADER_VERIEXEC
+(unless
+.Va WITHOUT_LOADER_VERIEXEC
+is set explicitly)
+.It Va WITH_VERIEXEC
+(unless
+.Va WITHOUT_VERIEXEC
+is set explicitly)
+.El
 .It Va WITHOUT_BHYVE
 Set to not build or install
 .Xr bhyve 8 ,
@@ -1216,6 +1243,11 @@ option should be used rather than this in most cases.
 .Pp
 This is a default setting on
 amd64/amd64, arm/armv7, arm64/aarch64, i386/i386, mips/mipsel, mips/mips, mips/mips64el, mips/mips64, mips/mipsn32, mips/mipselhf, mips/mipshf, mips/mips64elhf, mips/mips64hf, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpcspe.
+.It Va WITH_LOADER_EFI_SECUREBOOT
+Enable building
+.Xr loader 8
+with support for verification based on certificates obtained from UEFI.
+.Pp
 .It Va WITH_LOADER_FIREWIRE
 Enable firewire support in /boot/loader on x86. This option is a nop
 on all other platforms.
@@ -1267,6 +1299,21 @@ Set to build with extra verbose debugging in the loader.
 May explode already nearly too large loader over the limit.
 Use with care.
 
+.It Va WITH_LOADER_VERIEXEC
+Enable building
+.Xr loader 8
+with support for verifcation similar to Verified Exec.
+.Pp
+It depends on
+.Va WITH_BEARSSL
+When set, these options are also in effect:
+.Pp
+.Bl -inset -compact
+.It Va WITH_LOADER_EFI_SECUREBOOT
+(unless
+.Va WITHOUT_LOADER_EFI_SECUREBOOT
+is set explicitly)
+.El
 .It Va WITHOUT_LOADER_ZFS
 Set to not build ZFS file system boot loader support.
 .It Va WITHOUT_LOCALES
@@ -1405,10 +1452,6 @@ Set to build
 .Pp
 This is a default setting on
 amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and sparc64/sparc64.
-.It Va WITH_MODULE_DRM
-Enable creation of old drm video modules.
-.It Va WITH_MODULE_DRM2
-Enable creation of old drm2 video modules.
 .It Va WITH_NAND
 Set to build the NAND Flash components.
 .It Va WITHOUT_NDIS
@@ -1869,6 +1912,15 @@ Set to not build user accounting tools such as
 .Xr lastlogin 8
 and
 .Xr utx 8 .
+.It Va WITH_VERIEXEC
+Enable building
+.Xr veriexec 8
+which loads the contents of verified manifests into the kernel
+for use by
+.Xr mac_veriexec 4
+.Pp
+It depends on
+.Va WITH_BEARSSL
 .It Va WITHOUT_VI
 Set to not build and install vi, view, ex and related programs.
 .It Va WITHOUT_VT