diff options
| author | Michael Brown | 2015-08-21 16:04:31 +0200 |
|---|---|---|
| committer | Michael Brown | 2015-08-21 16:13:19 +0200 |
| commit | fb4ce72e64f14576f51d652ad949dabaced7b45e (patch) | |
| tree | f729163844781dc48f71c8d9cfb7d8c78e1d5e70 /src/arch/i386 | |
| parent | [dhcp] Ignore ProxyDHCPACKs without PXE options (diff) | |
| download | ipxe-fb4ce72e64f14576f51d652ad949dabaced7b45e.tar.gz ipxe-fb4ce72e64f14576f51d652ad949dabaced7b45e.tar.xz ipxe-fb4ce72e64f14576f51d652ad949dabaced7b45e.zip | |
[pxe] Warn about PXE NBPs that may be EFI executables
A relatively common user mistake is to attempt to boot an EFI
executable (such as grub.efi) using a BIOS version of iPXE.
Unfortunately there are no signature checks that we can use to
unambiguously identify a PXE NBP, since a PXE NBP is just raw machine
code. We therefore have to accept anything sufficiently small to fit
into base memory as a valid PXE NBP.
We can detect that a file might be an EFI executable by checking for
the initial "MZ" signature bytes. This does not necessarily preclude
the file from also being a PXE NBP (since it would be possible to
create a hybrid binary which acts as both an EFI executable and a PXE
NBP, similar to the way in which wimboot and the Linux kernel are
hybrid binaries which act as both an EFI executable and a bzImage).
If the initial "MZ" signature bytes are present, then attempt to warn
the user by setting the image type to "PXE-NBP (may be EFI?)". We
can't (sensibly) prevent the user from accidentally running an EFI
executable as a PXE NBP, but we can at least make it easier for the
user to identify their mistake.
Inspired-by: Robin Smidsrød <robin@smidsrod.no>
Inspired-by: Wissam Shoukair <wissams@mellanox.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/arch/i386')
| -rw-r--r-- | src/arch/i386/image/pxe_image.c | 46 |
1 files changed, 42 insertions, 4 deletions
diff --git a/src/arch/i386/image/pxe_image.c b/src/arch/i386/image/pxe_image.c index 499e6529..5b0f6eb8 100644 --- a/src/arch/i386/image/pxe_image.c +++ b/src/arch/i386/image/pxe_image.c @@ -38,6 +38,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <ipxe/netdevice.h> #include <ipxe/features.h> #include <ipxe/console.h> +#include <ipxe/efi/efi.h> +#include <ipxe/efi/IndustryStandard/PeImage.h> FEATURE ( FEATURE_IMAGE, "PXE", DHCP_EB_FEATURE_PXE, 1 ); @@ -125,9 +127,45 @@ int pxe_probe ( struct image *image ) { return 0; } +/** + * Probe PXE image (with rejection of potential EFI images) + * + * @v image PXE file + * @ret rc Return status code + */ +int pxe_probe_no_mz ( struct image *image ) { + uint16_t magic; + int rc; + + /* Probe PXE image */ + if ( ( rc = pxe_probe ( image ) ) != 0 ) + return rc; + + /* Reject image with an "MZ" signature which may indicate an + * EFI image incorrectly handed out to a BIOS system. + */ + if ( image->len >= sizeof ( magic ) ) { + copy_from_user ( &magic, image->data, 0, sizeof ( magic ) ); + if ( magic == cpu_to_le16 ( EFI_IMAGE_DOS_SIGNATURE ) ) { + DBGC ( image, "IMAGE %p may be an EFI image\n", + image ); + return -ENOTTY; + } + } + + return 0; +} + /** PXE image type */ -struct image_type pxe_image_type __image_type ( PROBE_PXE ) = { - .name = "PXE", - .probe = pxe_probe, - .exec = pxe_exec, +struct image_type pxe_image_type[] __image_type ( PROBE_PXE ) = { + { + .name = "PXE-NBP", + .probe = pxe_probe_no_mz, + .exec = pxe_exec, + }, + { + .name = "PXE-NBP (may be EFI?)", + .probe = pxe_probe, + .exec = pxe_exec, + }, }; |