mbox series

[v9,0/9] Add EFI HTTP boot support

Message ID 20231102064459.3466953-1-masahisa.kojima@linaro.org
Headers show
Series Add EFI HTTP boot support | expand

Message

Masahisa Kojima Nov. 2, 2023, 6:44 a.m. UTC
This series adds the EFI HTTP boot support.
User can add the URI device path with "efidebug boot add" command.
efibootmgr handles the URI device path, download the
specified file using wget, mount the downloaded image with
blkmap, then boot with the default file(e.g. EFI/BOOT/BOOTAA64.EFI)
by selecting automatically created boot option when the new disk is
detected.

This version still does not include the test.

To enable EFI HTTP boot, we need to enable the following Kconfig options.
 CONFIG_CMD_DNS
 CONFIG_CMD_WGET
 CONFIG_BLKMAP
 CONFIG_EFI_HTTP_BOOT

On the Socionext Developerbox, enter the following commands then
debian installer is downloaded into "loadaddr" and installer
automatically starts.
 => dhcp
 => setenv serverip 192.168.1.1
 => efidebug boot add -u 3 debian-netinst http://ftp.riken.jp/Linux/debian/debian-cd/12.1.0/arm64/iso-cd/debian-12.1.0-arm64-netinst.iso
 => efidebug boot order 3
 => bootefi bootmgr

Note that this debian installer can not proceed the installation
bacause RAM disk of installer image is not recogniged by the kernel.
I'm still investigating this issue, but drivers/nvdimm/of_pmem.c in linux
will be one of the solution to recognize RAM disk from kernel.
(In EDK2, the equivalent solution is called ACPI NFIT.)

On QEMU, I can not make DNS work from the QEMU guest.
The following commands work on qemu_arm64(manually set the http server ip in URI).
  => dhcp
  => setenv gatewayip 10.0.2.2
  => setenv httpserverip 134.160.38.1
  => efidebug boot add -u 3 debian-netinst http://134.160.38.1/Linux/debian/debian-cd/12.1.0/arm64/iso-cd/debian-12.1.0-arm64-netinst.iso
  => efidebug boot order 3
  => bootefi bootmgr

[TODO]
- add test
- stricter wget uri check
- omit the dns process if the given uri has ip address
   -> this will be supported when the lwip migration completes
- uri device path support in eficonfig
- expose ramdisk to OS

[change log]
v8 -> v9
- implement new EFI event to notify that loaded image returns
  and back to the efibootmgr
- ramdisk cleanup is done in event callback
- refactor error handling

v7 -> v8
- search the default file on the fly, instead of creating
  the boot option with default file
- delete blkmap and reserved memory in case of error or
  when the EFI application returns
- update the subject "Boot var automatic management for removable medias"
  since this automatic boot option management is also applied
  for non-removable medias
- update error handling in efidebug command
- call efi_add_memory_map() instead of exposing efi_reserve_memory()

v6 -> v7
- rename the funtion name from load_default_file_boot_option()
  to load_mounted_image()
- move some fix from patch #5 "efi_loader: support boot from URI device path" to
  patch #4 "efi_loader: create default file boot option".
- fix missing free() of default_file_path

v5 -> v6
- add patch #4 "Boot var automatic management for removable medias"
- boot from automatically created boot option
  rather than searching default file on the fly
- introduce new CONFIG_EFI_HTTP_BOOT Kconfig option
- comment in one place
- use log_err() rather than printf()
- use env_get_hex("filesize", 0) instead of return value of net_loop()
- use more suitable error code
- blkmap can be build for SPL/TPL
- add CDROM short-form device path support

v4 -> v5
- add missing else statement
- add NULL check of efi_dp_find_obj() call
- update document to remove "limitation"

v3 -> v4
- patch#8 is added to simplify the bootmgr default boot process
- add function comments

v2 -> v3
- Patch#6 is added, reserve the whole ramdisk memory region
- remove .efi file extension check for PE-COFF image
- use "if IS_ENABLED(..)" as much as possible
- 1024 should be sizeof(net_boot_file_name)
- call net_set_state(NETLOOP_FAIL) when wget encounters error
- describe DNS ip address host name limitation in document

v1 -> v2
- carve out the network handling(wget and dns code) under net/wget.c
- carve out ramdisk creation code under drivers/block/blkmap_helper.c
- wget supports the valid range check to store the received blocks using lmb
- support when the downloaded image have no partiton table but a file system
- not start the .efi file in try_load_entry()
- call efi_check_pe() for .efi file to check the file is PE-COFF image
- add documentation for EFI HTTP Boot

Masahisa Kojima (8):
  net: wget: prevent overwriting reserved memory
  net: wget: add wget with dns utility function
  blk: blkmap: add ramdisk creation utility function
  efi_loader: add missing const classifier for event service
  efi_loader: add return to efibootmgr event group
  efi_loader: support boot from URI device path
  cmd: efidebug: add uri device path
  doc: uefi: add HTTP Boot support

Raymond Mao (1):
  efi_loader: Boot var automatic management

 cmd/bootefi.c                                 |  12 +
 cmd/efidebug.c                                |  51 ++++
 doc/develop/uefi/uefi.rst                     |  30 ++
 drivers/block/Makefile                        |   3 +-
 drivers/block/blkmap.c                        |  15 -
 drivers/block/blkmap_helper.c                 |  53 ++++
 include/blkmap.h                              |  29 ++
 include/efi_api.h                             |   5 +-
 include/efi_loader.h                          |   4 +-
 include/net.h                                 |  17 ++
 lib/efi_loader/Kconfig                        |   9 +
 lib/efi_loader/efi_bootmgr.c                  | 268 ++++++++++++++++++
 lib/efi_loader/efi_boottime.c                 |   7 +-
 lib/efi_loader/efi_disk.c                     |  18 ++
 lib/efi_loader/efi_setup.c                    |   7 +
 net/wget.c                                    | 205 +++++++++++++-
 test/py/tests/test_efi_secboot/test_signed.py |  42 +--
 .../test_efi_secboot/test_signed_intca.py     |  14 +-
 .../tests/test_efi_secboot/test_unsigned.py   |  14 +-
 .../test_fs/test_squashfs/test_sqfs_ls.py     |   6 +
 20 files changed, 747 insertions(+), 62 deletions(-)
 create mode 100644 drivers/block/blkmap_helper.c

Comments

Ilias Apalodimas Nov. 2, 2023, 8:42 a.m. UTC | #1
On Thu, 2 Nov 2023 at 08:46, Masahisa Kojima <masahisa.kojima@linaro.org> wrote:
>
> This series adds the EFI HTTP boot support.
> User can add the URI device path with "efidebug boot add" command.
> efibootmgr handles the URI device path, download the
> specified file using wget, mount the downloaded image with
> blkmap, then boot with the default file(e.g. EFI/BOOT/BOOTAA64.EFI)
> by selecting automatically created boot option when the new disk is
> detected.
>
> This version still does not include the test.
>
> To enable EFI HTTP boot, we need to enable the following Kconfig options.
>  CONFIG_CMD_DNS
>  CONFIG_CMD_WGET
>  CONFIG_BLKMAP
>  CONFIG_EFI_HTTP_BOOT
>
> On the Socionext Developerbox, enter the following commands then
> debian installer is downloaded into "loadaddr" and installer
> automatically starts.
>  => dhcp
>  => setenv serverip 192.168.1.1
>  => efidebug boot add -u 3 debian-netinst http://ftp.riken.jp/Linux/debian/debian-cd/12.1.0/arm64/iso-cd/debian-12.1.0-arm64-netinst.iso
>  => efidebug boot order 3
>  => bootefi bootmgr
>
> Note that this debian installer can not proceed the installation
> bacause RAM disk of installer image is not recogniged by the kernel.
> I'm still investigating this issue, but drivers/nvdimm/of_pmem.c in linux
> will be one of the solution to recognize RAM disk from kernel.
> (In EDK2, the equivalent solution is called ACPI NFIT.)
>
> On QEMU, I can not make DNS work from the QEMU guest.
> The following commands work on qemu_arm64(manually set the http server ip in URI).
>   => dhcp
>   => setenv gatewayip 10.0.2.2
>   => setenv httpserverip 134.160.38.1
>   => efidebug boot add -u 3 debian-netinst http://134.160.38.1/Linux/debian/debian-cd/12.1.0/arm64/iso-cd/debian-12.1.0-arm64-netinst.iso
>   => efidebug boot order 3
>   => bootefi bootmgr
>
> [TODO]
> - add test
> - stricter wget uri check
> - omit the dns process if the given uri has ip address
>    -> this will be supported when the lwip migration completes
> - uri device path support in eficonfig
> - expose ramdisk to OS
>
> [change log]
> v8 -> v9
> - implement new EFI event to notify that loaded image returns
>   and back to the efibootmgr
> - ramdisk cleanup is done in event callback
> - refactor error handling
>
> v7 -> v8
> - search the default file on the fly, instead of creating
>   the boot option with default file
> - delete blkmap and reserved memory in case of error or
>   when the EFI application returns
> - update the subject "Boot var automatic management for removable medias"
>   since this automatic boot option management is also applied
>   for non-removable medias
> - update error handling in efidebug command
> - call efi_add_memory_map() instead of exposing efi_reserve_memory()
>
> v6 -> v7
> - rename the funtion name from load_default_file_boot_option()
>   to load_mounted_image()
> - move some fix from patch #5 "efi_loader: support boot from URI device path" to
>   patch #4 "efi_loader: create default file boot option".
> - fix missing free() of default_file_path
>
> v5 -> v6
> - add patch #4 "Boot var automatic management for removable medias"
> - boot from automatically created boot option
>   rather than searching default file on the fly
> - introduce new CONFIG_EFI_HTTP_BOOT Kconfig option
> - comment in one place
> - use log_err() rather than printf()
> - use env_get_hex("filesize", 0) instead of return value of net_loop()
> - use more suitable error code
> - blkmap can be build for SPL/TPL
> - add CDROM short-form device path support
>
> v4 -> v5
> - add missing else statement
> - add NULL check of efi_dp_find_obj() call
> - update document to remove "limitation"
>
> v3 -> v4
> - patch#8 is added to simplify the bootmgr default boot process
> - add function comments
>
> v2 -> v3
> - Patch#6 is added, reserve the whole ramdisk memory region
> - remove .efi file extension check for PE-COFF image
> - use "if IS_ENABLED(..)" as much as possible
> - 1024 should be sizeof(net_boot_file_name)
> - call net_set_state(NETLOOP_FAIL) when wget encounters error
> - describe DNS ip address host name limitation in document
>
> v1 -> v2
> - carve out the network handling(wget and dns code) under net/wget.c
> - carve out ramdisk creation code under drivers/block/blkmap_helper.c
> - wget supports the valid range check to store the received blocks using lmb
> - support when the downloaded image have no partiton table but a file system
> - not start the .efi file in try_load_entry()
> - call efi_check_pe() for .efi file to check the file is PE-COFF image
> - add documentation for EFI HTTP Boot
>
> Masahisa Kojima (8):
>   net: wget: prevent overwriting reserved memory
>   net: wget: add wget with dns utility function
>   blk: blkmap: add ramdisk creation utility function
>   efi_loader: add missing const classifier for event service
>   efi_loader: add return to efibootmgr event group
>   efi_loader: support boot from URI device path
>   cmd: efidebug: add uri device path
>   doc: uefi: add HTTP Boot support
>
> Raymond Mao (1):
>   efi_loader: Boot var automatic management
>
>  cmd/bootefi.c                                 |  12 +
>  cmd/efidebug.c                                |  51 ++++
>  doc/develop/uefi/uefi.rst                     |  30 ++
>  drivers/block/Makefile                        |   3 +-
>  drivers/block/blkmap.c                        |  15 -
>  drivers/block/blkmap_helper.c                 |  53 ++++
>  include/blkmap.h                              |  29 ++
>  include/efi_api.h                             |   5 +-
>  include/efi_loader.h                          |   4 +-
>  include/net.h                                 |  17 ++
>  lib/efi_loader/Kconfig                        |   9 +
>  lib/efi_loader/efi_bootmgr.c                  | 268 ++++++++++++++++++
>  lib/efi_loader/efi_boottime.c                 |   7 +-
>  lib/efi_loader/efi_disk.c                     |  18 ++
>  lib/efi_loader/efi_setup.c                    |   7 +
>  net/wget.c                                    | 205 +++++++++++++-
>  test/py/tests/test_efi_secboot/test_signed.py |  42 +--
>  .../test_efi_secboot/test_signed_intca.py     |  14 +-
>  .../tests/test_efi_secboot/test_unsigned.py   |  14 +-
>  .../test_fs/test_squashfs/test_sqfs_ls.py     |   6 +
>  20 files changed, 747 insertions(+), 62 deletions(-)
>  create mode 100644 drivers/block/blkmap_helper.c
>
> --
> 2.34.1
>

For the series
Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>