[PATCH v7 00/20] Introduce the lwIP network stack
Jerome Forissier
jerome.forissier at linaro.org
Wed Aug 7 00:28:01 CEST 2024
On 8/6/24 23:51, Simon Glass wrote:
> Hi Tom,
>
> On Tue, 6 Aug 2024 at 15:19, Tom Rini <trini at konsulko.com> wrote:
>>
>> On Tue, Aug 06, 2024 at 03:12:47PM -0600, Simon Glass wrote:
>>> Hi Tom,
>>>
>>> On Fri, 2 Aug 2024 at 12:32, Tom Rini <trini at konsulko.com> wrote:
>>>>
>>>> On Fri, Aug 02, 2024 at 06:26:27PM +0200, Jerome Forissier wrote:
>>>>
>>>>> This is a rework of a patch series by Maxim Uvarov: "net/lwip: add lwip
>>>>> library for the network stack" [1]. The goal is to introduce the lwIP TCP/IP
>>>>> stack [2] [3] as an alternative to the current implementation in net/,
>>>>> selectable with Kconfig, and ultimately keep only lwIP if possible. Some
>>>>> reasons for doing so are:
>>>>> - Make the support of HTTPS in the wget command easier. Javier T. and
>>>>> Raymond M. (CC'd) have some additional lwIP and Mbed TLS patches to do
>>>>> so. With that it becomes possible to fetch and launch a distro installer
>>>>> such as Debian etc. using a secure, authenticated connection directly
>>>>> from the U-Boot shell. Several use cases:
>>>>> * Authentication: prevent MITM attack (third party replacing the
>>>>> binary with a different one)
>>>>> * Confidentiality: prevent third parties from grabbing a copy of the
>>>>> image as it is being downloaded
>>>>> * Allow connection to servers that do not support plain HTTP anymore
>>>>> (this is becoming more and more common on the Internet these days)
>>>>> - Possibly benefit from additional features implemented in lwIP
>>>>> - Less code to maintain in U-Boot
>>>>>
>>>>> Prior to applying this series, the lwIP stack needs to be added as a
>>>>> Git subtree with the following command:
>>>>>
>>>>> $ git subtree add --squash --prefix lib/lwip/lwip https://git.savannah.gnu.org/git/lwip.git STABLE-2_2_0_RELEASE
>>>>
>>>> On Pi 3 I'm again / still seeing:
>>>> ========================================== FAILURES ===========================================
>>>> ___________________________________ test_efi_helloworld_net ___________________________________
>>>> test/py/tests/test_efi_loader.py:163: in test_efi_helloworld_net
>>>> assert expected_text in output
>>>> E AssertionError: assert 'Hello, world' in 'No UEFI binary known at 200000'
>>>> ------------------------------------ Captured stdout call -------------------------------------
>>>> U-Boot> tftpboot 200000 EFI/arm64/helloworld.efi
>>>> Using smsc95xx_eth device
>>>> TFTP from server 192.168.1.10; our IP address is 192.168.1.100
>>>> Filename 'EFI/arm64/helloworld.efi'.
>>>> Load address: 0x200000
>>>> Loading: #
>>>> 883.8 KiB/s
>>>> done
>>>> Bytes transferred = 4528 (11b0 hex)
>>>> U-Boot> U-Boot> crc32 200000 $filesize
>>>> crc32 for 00200000 ... 002011af ==> 2b466005
>>>> U-Boot> U-Boot> bootefi 200000
>>>> No UEFI binary known at 200000
>>>> U-Boot>
>>>> =================================== short test summary info ===================================
>>>>
>>>> On a configuration that works fine with the legacy network stack.
>>>
>>> BTW the "No UEFI binary known at 200000" is that hack that I would
>>> really like to improve on, by updating bootstd to keep track of which
>>> images are loaded.
>>
>> I don't know, if I think about this I get worried that "bootFOO
>> $address" needs to know something more than "look at $address and check
>> if it's valid".
>
> Yes, that is the problem with EFI loader at the moment. But basically
> it just wants to know what device the file came from, which we can
> (over time) clean up so that it is part of bootstd and uses proper
> APIs. Random loads within scripts are perhaps another matter...
TBH I don't understand what this "No UEFI binary known" thing is trying
to achieve. Is it trying to prevent executing memory that doesn't
contain a EFI binary? There is no way it can know. tftpboot and wget
can both load random non-EFI payload so there is no guarantee we have a
valid image after load. It should be the job of the EFI loader to behave
properly and not crash in case the binary is invalid, but if it doesn't,
no simple check can change this.
Or did I miss something?
--
Jerome
More information about the U-Boot
mailing list