[PATCH 2/2] efi_loader: support boot from URI device path

Masahisa Kojima masahisa.kojima at linaro.org
Fri Aug 25 09:56:51 CEST 2023


On Thu, 24 Aug 2023 at 15:57, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>
> On 8/23/23 10:37, Masahisa Kojima wrote:
> > This adds support for booting from the URI device path.
> > When user selects the URI device path, bootmgr downloads
> > the file using wget into the address specified by loadaddr
> > env variable.
> > If the file is .iso or .img file, mount the image with blkmap
> > then try to boot with the default file(e.g. EFI/BOOT/BOOTAA64.EFI).
> > If the file is .efi file, load and start the downloaded file.
> >
> > Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> > ---
> >   lib/efi_loader/efi_bootmgr.c | 213 +++++++++++++++++++++++++++++++++++
> >   1 file changed, 213 insertions(+)
> >
> > diff --git a/lib/efi_loader/efi_bootmgr.c b/lib/efi_loader/efi_bootmgr.c
> > index a40762c74c..8b20f486f2 100644
> > --- a/lib/efi_loader/efi_bootmgr.c
> > +++ b/lib/efi_loader/efi_bootmgr.c
> > @@ -7,10 +7,14 @@
> >
> >   #define LOG_CATEGORY LOGC_EFI
> >
> > +#include <blk.h>
> > +#include <blkmap.h>
> >   #include <common.h>
> >   #include <charset.h>
> > +#include <dm.h>
> >   #include <log.h>
> >   #include <malloc.h>
> > +#include <net.h>
> >   #include <efi_default_filename.h>
> >   #include <efi_loader.h>
> >   #include <efi_variable.h>
> > @@ -168,6 +172,209 @@ out:
> >       return ret;
> >   }
> >
> > +#if (IS_ENABLED(CONFIG_BLKMAP) && IS_ENABLED(CONFIG_CMD_WGET) && IS_ENABLED(CONFIG_CMD_DNS))
> > +/**
> > + * mount_image() - mount the image
> > + *
> > + * @lo_label label of load option
> > + * @file_size        file size
> > + * @handle:  pointer to handle for newly installed image
> > + * Return:   status code
> > + */
> > +static efi_status_t mount_image(u16 *lo_label, int file_size,
> > +                             efi_handle_t *handle)
> > +{
> > +     int err;
> > +     efi_status_t ret;
> > +     char *label = NULL, *p;
> > +     lbaint_t blknum;
> > +     struct udevice *bm_dev;
> > +     efi_handle_t bm_handle;
> > +     struct udevice *blk, *partition;
> > +     struct efi_handler *handler;
> > +     struct efi_device_path *file_path;
> > +     struct efi_device_path *device_path;
> > +
> > +     label = efi_alloc(utf16_utf8_strlen(lo_label) + 1);
> > +     if (!label)
> > +             return EFI_OUT_OF_RESOURCES;
> > +
> > +     p = label;
> > +     utf16_utf8_strcpy(&p, lo_label);
> > +     err = blkmap_create(label, NULL);
> > +     if (err) {
> > +             log_err("failed to create blkmap\n");
> > +             ret = EFI_INVALID_PARAMETER;
> > +             goto out;
> > +     }
> > +     bm_dev = blkmap_from_label(label);
> > +     if (!bm_dev) {
> > +             log_err("\"%s\" is not the name of any known blkmap\n", label);
> > +             ret = EFI_INVALID_PARAMETER;
> > +             goto out;
> > +     }
> > +
> > +     blknum = file_size / 512; /* TODO: don't use literal value. */
>
> Can't you retrieve the block size from the udevice?
I have tried, but I could not get the block size. Anyway, I will check again.

>
> > +     err = blkmap_map_pmem(bm_dev, 0, blknum, image_load_addr);
> > +     if (err) {
> > +             log_err("Unable to map %#llx at block %d : %d\n",
> > +                     (unsigned long long)image_load_addr, 0, err);
> > +             ret = EFI_INVALID_PARAMETER;
> > +             goto out;
> > +     }
> > +     log_info("Block %d+0x" LBAF " mapped to %#llx\n", 0, blknum,
> > +              (unsigned long long)image_load_addr);
> > +
> > +     /* TODO: without calling this, partition devices are not binded. */
>
> %s/binded/bound/
Thank you for correcting the typo.

>
> > +     blk_list_part(UCLASS_BLKMAP);
>
> Why would you want to display all BLKMAP devices?
> Please, avoid unnecessary output.
I will try to probe all the partitions with device_probe() call.

>
> > +
> > +     /*
> > +      * Search the partition having EFI_SIMPLE_FILE_SYSTEM_PROTOCOL,
> > +      * then try to load with the default boot file(e.g. EFI/BOOT/BOOTAA64.EFI).
> > +      */
> > +     device_foreach_child(blk, bm_dev)
> > +     {
>
> You need to check that blk is of type UCLASS_PARTITION.
OK.

>
> What about images that have no partition table but only a file system?
I will check how to handle this case.

>
> > +             device_foreach_child(partition, blk)
> > +             {
> > +                     if (dev_tag_get_ptr(partition, DM_TAG_EFI,
> > +                                         (void **)&bm_handle)) {
> > +                             log_warning("DM_TAG_EFI not found\n");
> > +                             continue;
> > +                     }
> > +
> > +                     ret = efi_search_protocol(
> > +                             bm_handle,
> > +                             &efi_simple_file_system_protocol_guid,
> > +                             &handler);
> > +                     if (ret != EFI_SUCCESS)
> > +                             continue;
> > +
> > +                     ret = efi_search_protocol(
> > +                             bm_handle, &efi_guid_device_path, &handler);
> > +                     if (ret != EFI_SUCCESS)
> > +                             continue;
> > +
> > +                     ret = efi_protocol_open(handler, (void **)&device_path,
> > +                                             efi_root, NULL,
> > +                                             EFI_OPEN_PROTOCOL_GET_PROTOCOL);
> > +                     if (ret != EFI_SUCCESS)
> > +                             continue;
>
> Do you expect multiple ESPs? Why not return the error here?
According to the UEFI spec, the system can boot from a device
having EFI_SIMPLE_FILE_SYSTEM_PROTOCOL.
This loop does not try to find the ESP; it tries to find a device having
EFI_SIMPLE_FILE_SYSTEM_PROTOCOL and checks whether it contains the
default boot file (e.g. EFI/BOOT/BOOTAA64.EFI).

>
> > +
> > +                     file_path = expand_media_path(device_path);
> > +                     ret = EFI_CALL(efi_load_image(true, efi_root, file_path,
> > +                                                   NULL, 0, handle));
> > +                     efi_free_pool(file_path);
> > +                     if (ret == EFI_SUCCESS)
> > +                             goto out;
>
> ditto
Here, the default boot file has already been loaded into memory, so we
can exit the loop and
start the image.

>
> > +             }
> > +     }
> > +
>
> ret may not even be initialized at this point!
Thank you, I will fix this, EFI_NOT_FOUND should be returned.

> I would expect EFI_NOT_FOUND to be returned if there is no ESP.
My intention here is that no bootable device contains the default
boot file (e.g. EFI/BOOT/BOOTAA64.EFI).

>
> > +out:
> > +     efi_free_pool(label);
> > +
> > +     return ret;
> > +}
> > +
> > +/**
> > + * try_load_from_uri_path() - Handle the URI device path
> > + *
> > + * @uridp:   uri device path
> > + * @lo_label label of load option
> > + * @handle:  pointer to handle for newly installed image
> > + * Return:   status code
> > + */
> > +static efi_status_t try_load_from_uri_path(struct efi_device_path_uri *uridp,
> > +                                        u16 *lo_label,
> > +                                        efi_handle_t *handle)
> > +{
> > +     efi_status_t ret;
> > +     int file_size, file_name_len;
> > +     char *s, *host_name, *file_name, *str_copy;
> > +
> > +     /*
> > +      * Download file using wget.
> > +      *
> > +      * URI device path content is like http://www.example.com/sample/test.iso.
> > +      * U-Boot wget takes the target uri in this format.
> > +      *  "<http server ip>:<file path>"  e.g.) 192.168.1.1:/sample/test.iso
> > +      * Need to resolve the http server ip address before starting wget.
> > +      */
> > +
> > +     /* only support "http://" */
> > +     if (strncmp(uridp->uri, "http://", 7)) {
> > +             log_err("Error: uri must start with http://\n");
> > +             return EFI_INVALID_PARAMETER;
> > +     }
> > +
> > +     str_copy = strdup(uridp->uri);
> > +     if (!str_copy)
> > +             return EFI_OUT_OF_RESOURCES;
> > +     s = str_copy + strlen("http://");
> > +     host_name = strsep(&s, "/");
>
> This could be "user:password at example.com".
Yes, but the current wget does not support this format.
This needs to be checked when the user enters a URI in the form you suggested.

>
> > +     if (!s) {
> > +             log_err("Error: invalied uri, no file path\n");
> > +             ret = EFI_INVALID_PARAMETER;
> > +             goto out;
> > +     }
> > +     file_name = s;
> > +     net_dns_resolve = host_name;
> > +     net_dns_env_var = "httpserverip";
> > +     if (net_loop(DNS) < 0) {
>
> Why call net_loop(DNS) for an IP address like
> [2a00:1450:4001:812::200e] or 142.250.185.206?
The lwip migration is currently ongoing, and the lwip wget handles this correctly.
I plan to rebase on top of the lwip port.

>
> > +             log_err("Error: dns lookup of %s failed, check setup\n", net_dns_resolve);
> > +             ret = EFI_INVALID_PARAMETER;
> > +             goto out;
> > +     }
>
> This logic seems not to be EFI related. There should be a network
> library function that takes a URL and returns a filled buffer.
>
> > +     s = env_get("httpserverip");
>
> Why should this variable be used if host_name is "142.250.185.206"?
OK.

>
> If the host name has no DNS entry and is not a valid IP address we
> should error out here.
OK.

>
> > +     if (!s) {
> > +             ret = EFI_INVALID_PARAMETER;
> > +             goto out;
> > +     }
> > +
> > +     /*
> > +      * WGET requires that "net_boot_file_name" and "image_load_addr" global
> > +      * variables are properly set in advance.
> > +      */
> > +     strlcpy(net_boot_file_name, s, 1024);
> > +     strlcat(net_boot_file_name, ":/", 1024); /* append '/' which is removed by strsep() */
>
> On a single IP address you may find multiple servers. Even if there is
> only one it may not provide the resource if you don't supply the host name.
>
> It would be preferable to adjust wget to comply to RFC 7320 ("Hypertext
> Transfer Protocol (HTTP/1.1): Message Syntax and Routing") and provide a
> HOST: header.

The current wget does not support the HOST: header, but the lwip port does.
So the lwip migration will address this issue.

>
> > +     strlcat(net_boot_file_name, file_name, 1024);
> > +     s = env_get("loadaddr");
> > +     if (!s) {
> > +             log_err("Error: loadaddr is not set\n");
> > +             ret = EFI_INVALID_PARAMETER;
> > +             goto out;
> > +     }
> > +     image_load_addr = hextoul(s, NULL);
> > +
> > +     file_size = net_loop(WGET);
>
> This looks insecure.
>
> You must define a maximum file size before trying to download and use
> lmb_init_and_reserve() to check that the buffer is available. Otherwise
> you might download a large file that overwrites the stack or U-Boot's code.
>
> net_loop() must check that the reserved memory size is not exceeded.

OK, I will add a maximum file size env variable, or try to utilize the
Content-Length response header.

>
> > +     if (file_size < 0) {
> > +             log_err("Error: downloading file failed\n");
> > +             ret = EFI_INVALID_PARAMETER;
> > +             goto out;
> > +     }
> > +
> > +     /*
> > +      * Identify file type by file extension.
> > +      * If the file extension is ".iso" or ".img", mount it and boot with default file.
> > +      * If the file is ".efi", load and start the downloaded file.
>
> Please, don't rely on file extensions.
>
> Inspect the buffer using function efi_check_pe() to discover if it is an
> EFI binary.
OK.

>
> mount_image() should return an error code if the buffer does not contain
> a partition table or a file system.
OK.

Thanks,
Masahisa Kojima

>
> Best regards
>
> Heinrich
>
> > +      */
> > +     file_name_len = strlen(net_boot_file_name);
> > +     if (!strncmp(&net_boot_file_name[file_name_len - 4], ".iso", 4) ||
> > +         !strncmp(&net_boot_file_name[file_name_len - 4], ".img", 4)) {
> > +             ret = mount_image(lo_label, file_size, handle);
> > +     } else if (!strncmp(&net_boot_file_name[file_name_len - 4], ".efi", 4)) {
> > +             ret = efi_run_image((void *)image_load_addr, file_size);
> > +     } else {
> > +             log_err("Error: file type is not supported\n");
> > +             ret = EFI_INVALID_PARAMETER;
> > +     }
> > +
> > +out:
> > +     free(str_copy);
> > +
> > +     return ret;
> > +}
> > +#endif
> > +
> >   /**
> >    * try_load_entry() - try to load image for boot option
> >    *
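Review bot: try_load_from_uri_path() treats `uridp->uri` as a NUL-terminated C string (`strncmp` and `strdup` on it), although a URI device-path node carries its length in the node header and a terminator is not guaranteed; since `lo.file_path` comes from a Boot#### variable that the OS can write, a node without a terminator makes these calls read past the load option. Bound the copy by the node length instead, e.g. `strndup(uridp->uri, uridp->dp.length - sizeof(uridp->dp))` after rejecting nodes whose length is smaller than the header (presumably `dp.length` is the u16 node length — confirm against efi_api.h). In mount_image(), the blkmap created by `blkmap_create()` is never destroyed on the error paths that follow it (map failure, or no bootable file found), so each failed attempt leaves a stale device behind and makes the next `blkmap_create()` with the same label fail; release it before `out` on those paths. The `strlcpy`/`strlcat` calls pass the literal `1024` where `sizeof(net_boot_file_name)` would keep them tied to the buffer's declaration, and the log string at the no-file-path check spells "invalied".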
> > @@ -211,6 +418,12 @@ static efi_status_t try_load_entry(u16 n, efi_handle_t *handle,
> >               if (EFI_DP_TYPE(lo.file_path, MEDIA_DEVICE, FILE_PATH)) {
> >                       /* file_path doesn't contain a device path */
> >                       ret = try_load_from_short_path(lo.file_path, handle);
> > +#if (IS_ENABLED(CONFIG_BLKMAP) && IS_ENABLED(CONFIG_CMD_WGET) && IS_ENABLED(CONFIG_CMD_DNS))
> > +             } else if (EFI_DP_TYPE(lo.file_path, MESSAGING_DEVICE, MSG_URI)) {
> > +                     ret = try_load_from_uri_path(
> > +                             (struct efi_device_path_uri *)lo.file_path,
> > +                             lo.label, handle);
> > +#endif
> >               } else {
> >                       file_path = expand_media_path(lo.file_path);
> >                       ret = EFI_CALL(efi_load_image(true, efi_root, file_path,
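Review bot: The `#if` around the new `else if` at the call site repeats the three-way `IS_ENABLED` condition used at the definition, so the two must be kept in sync by hand, and the `} else {` on the following line depends on the preprocessor for its pairing. A single Kconfig symbol (or a macro defined once in this file) for the condition, or an always-present try_load_from_uri_path() that returns `EFI_UNSUPPORTED` when the feature is compiled out, would let the call site read as a plain `else if` chain. try_load_entry() starts and ends outside the hunk.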
>

