summaryrefslogtreecommitdiffstats
path: root/src/include/ipxe
Commit message (Collapse)AuthorAgeFilesLines
* [ocsp] Accept response certID with missing hashAlgorithm parametersMichael Brown2019-03-101-2/+2
| | | | | | | | | | | | | | | | | | One of the design goals of ASN.1 DER is to provide a canonical serialization of a data structure, thereby allowing for equality of values to be tested by simply comparing the serialized bytes. Some OCSP servers will modify the request certID to omit the optional (and null) "parameters" portion of the hashAlgorithm. This is arguably legal but breaks the ability to perform a straightforward bitwise comparison on the entire certID field between request and response. Fix by comparing the OID-identified hashAlgorithm separately from the remaining certID fields. Originally-fixed-by: Thilo Fromm <Thilo@kinvolk.io> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Display validator messages only while validation is in progressMichael Brown2019-03-101-0/+2
| | | | | | | Allow the cipherstream to report progress status messages during connection establishment. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Support stateless session resumptionMichael Brown2019-03-061-0/+12
| | | | | | | Add support for RFC5077 session ticket extensions to allow for stateless TLS session resumption. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Support stateful session resumptionMichael Brown2019-02-211-2/+29
| | | | | | | | | | | | | Record the session ID (if any) provided by the server and attempt to reuse it for any concurrent connections to the same server. If multiple connections are initiated concurrently (e.g. when using PeerDist) then defer sending the ClientHello for all but the first connection, to allow time for the first connection to potentially obtain a session ID (and thereby speed up the negotiation for all remaining connections). Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [efi] Blacklist the Dell Ip4ConfigDxe driverMichael Brown2019-02-192-0/+14
| | | | | | | | | | | | | | | | | | On a Dell OptiPlex 7010, calling DisconnectController() on the LOM device handle will lock up the system. Debugging shows that execution is trapped in an infinite loop that is somehow trying to reconnect drivers (without going via ConnectController()). The problem can be reproduced in the UEFI shell with no iPXE code present, by using the "disconnect" command. Experimentation shows that the only fix is to unload (rather than just disconnect) the "Ip4ConfigDxe" driver. Add the concept of a blacklist of UEFI drivers that will be automatically unloaded when iPXE runs as an application, and add the Dell Ip4ConfigDxe driver to this blacklist. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [init] Show startup and shutdown function names in debug messagesMichael Brown2019-01-251-0/+1
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [intelxl] Add driver for Intel 40 Gigabit Ethernet NICsMichael Brown2018-07-171-0/+1
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [icplus] Add driver for IC+ network cardSylvie Barlow2018-04-201-0/+1
| | | | | Signed-off-by: Sylvie Barlow <sylvie.c.barlow@gmail.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [mii] Add bit-bashing interfaceSylvie Barlow2018-04-201-0/+55
| | | | | | Signed-off-by: Sylvie Barlow <sylvie.c.barlow@gmail.com> Modified-by: Michael Brown <mcb30@ipxe.org> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [mii] Add mii_find()Sylvie Barlow2018-04-201-0/+4
| | | | | | | Add the function mii_find() in order to locate the PHY address. Signed-off-by: Sylvie Barlow <sylvie.c.barlow@gmail.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [mii] Fix typo in parameter nameMichael Brown2018-04-201-1/+1
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tcp] Add missing packed attribute on struct tcp_headerMichael Brown2018-04-191-1/+1
| | | | | | Debugged-by: Mark Rutland <mark.rutland@arm.com> Debugged-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [mii] Separate concepts of MII interface and MII deviceMichael Brown2018-04-191-19/+48
| | | | | | | | | | | | | We currently have no generic concept of a PHY address, since all existing implementations simply hardcode the PHY address within the MII access methods. A bit-bashing MII interface will need to be provided with an explicit PHY address in order to generate the correct waveform. Allow for this by separating out the concept of a MII device (i.e. a specific PHY address attached to a particular MII interface). Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Rename tls_session to tls_connectionMichael Brown2018-03-241-2/+2
| | | | | | | | | | | | In TLS terminology a session conceptually spans multiple individual connections, and essentially represents the stored cryptographic state (master secret and cipher suite) required to establish communication without going through the certificate and key exchange handshakes. Rename tls_session to tls_connection in order to make the name tls_session available to represent the session state. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [list] Add list_is_first_entry() and list_is_last_entry()Michael Brown2018-03-241-0/+22
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rng] Use fixed-point calculations for min-entropy quantitiesMichael Brown2018-03-204-9/+29
| | | | | | | | | | | | | | We currently perform various min-entropy calculations using build-time floating-point arithmetic. No floating-point code ends up in the final binary, since the results are eventually converted to integers and asserted to be compile-time constants. Though this mechanism is undoubtedly cute, it inhibits us from using "-mno-sse" to prevent the use of SSE registers by the compiler. Fix by using fixed-point arithmetic instead. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [time] Add support for the ACPI power management timerMichael Brown2018-03-201-0/+7
| | | | | | | | Allow the ACPI power management timer to be used if enabled via TIMER_ACPI in config/timer.h. This provides an alternative timer on systems where the standard 8254 PIT is unavailable or unreliable. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [ocsp] Allow OCSP checks to be disabledMichael Brown2018-03-181-0/+12
| | | | | | | | | Some CAs provide non-functional OCSP servers, and some clients are forced to operate on networks without access to the OCSP servers. Allow the user to explicitly disable the use of OCSP checks by undefining OCSP_CHECK in config/crypto.h. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [ocsp] Centralise test for whether or not an OCSP check is requiredMichael Brown2018-03-181-0/+15
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [lacp] Mark link as blocked if partner is not yet up and runningMichael Brown2018-03-181-0/+6
| | | | | | | | | | | | Mark the link as blocked if the LACP partner is not reporting itself as being in sync, collecting, and distributing. This matches the behaviour for STP: we mark the link as blocked if we detect that the switch is actively blocking traffic, in order to extend the DHCP discovery period and so prevent boot failures on switches that take an excessively long time to enable ports. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [process] Include process name in debug messagesMichael Brown2018-02-201-2/+7
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [http] Allow for domain names within NTLM user namesMichael Brown2018-02-191-0/+30
| | | | | | | | | Allow a NetBIOS domain name to be specified within a URL using a syntax such as: http://domain%5Cusername:password@server/path Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [ena] Add driver for Amazon ENA virtual function NICMichael Brown2018-01-131-0/+1
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [legal] Add missing FILE_LICENCE declarationsMichael Brown2017-12-292-0/+4
| | | | | | | Add missing FILE_LICENCE declarations to EFI headers based on the corresponding source file. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [http] Add support for NTLM authenticationMichael Brown2017-11-122-0/+26
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [http] Handle parsing of WWW-Authenticate header within authentication schemeMichael Brown2017-11-121-8/+47
| | | | | | | Allow individual authentication schemes to parse WWW-Authenticate headers that do not comply with RFC2617. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [ntlm] Add support for NTLM authentication mechanismMichael Brown2017-11-122-0/+200
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Add MD4 message digest algorithmMichael Brown2017-11-122-0/+79
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [peerdist] Gather and report peer statistics during downloadMichael Brown2017-09-062-0/+19
| | | | | | | | | Record and report the number of peers (calculated as the maximum number of peers discovered for a block's segment at the time that the block download is complete), and the percentage of blocks retrieved from peers rather than from the origin server. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [job] Allow jobs to report an arbitrary status messageMichael Brown2017-09-061-0/+2
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [hyperv] Do not steal ownership from the Gen 2 UEFI firmwareMichael Brown2017-07-281-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | We must not steal ownership from the Gen 2 UEFI firmware, since doing so will cause an immediate system crash (most likely in the form of a reboot). This problem was masked before commit a0f6e75 ("[hyperv] Do not fail if guest OS ID MSR is already set"), since prior to that commit we would always fail if we found any non-zero guest OS identity. We now accept a non-zero previous guest OS identity in order to allow for situations such as chainloading from iPXE to another iPXE, and as a prerequisite for commit b91cc98 ("[hyperv] Cope with Windows Server 2016 enlightenments"). A proper fix would be to reverse engineer the UEFI protocols exposed within the Hyper-V Gen 2 firmware and use these to bind to the VMBus device representing the network connection, (with the native Hyper-V driver moved to become a BIOS-only feature). As an interim solution, fail to initialise the native Hyper-V driver if we detect the guest OS identity known to be used by the Gen 2 UEFI firmware. This will cause the standard all-drivers build (ipxe.efi) to fall back to using the SNP driver. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [lan78xx] Add driver for Microchip LAN78xx USB Ethernet NICsMichael Brown2017-07-101-0/+1
| | | | | Originally-implemented-by: Ravi Hegde <ravi.hegde@microchip.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [virtio] Support VIRTIO_NET_F_IOMMU_PLATFORMJason Wang2017-07-101-0/+1
| | | | | | | | | Since we don't enable IOMMU at all, we can then simply enable the IOMMU support by claiming the support of VIRITO_F_IOMMU_PLATFORM. This fixes booting failure when iommu_platform is set from qemu cli. Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [smscusb] Abstract out common SMSC USB device functionalityMichael Brown2017-07-071-0/+1
| | | | | | | | | The smsc75xx and smsc95xx drivers include a substantial amount of identical functionality, varying only in the base address of register sets. Abstract out this common functionality to allow code to be shared between the drivers. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Support RFC5746 secure renegotiationMichael Brown2017-07-041-0/+15
| | | | | | | Support renegotiation with servers supporting RFC5746. This allows for the use of per-directory client certificates. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [usb] Use non-zero language ID to retrieve stringsMichael Brown2017-07-031-0/+6
| | | | | | | | | | | | We currently use a zero language ID to retrieve strings such as the ECM/NCM MAC address. This works on most hardware devices, but is known to fail on some software emulated CDC-NCM devices. Fix by using the first supported language ID, falling back to English (0x0409) if any error occurs when fetching the list of supported languages. This matches the behaviour of the Linux kernel. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [exanic] Add driver for Exablaze ExaNIC cardsMichael Brown2017-06-241-0/+1
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Expose pem_asn1() for use with non-image dataMichael Brown2017-06-201-1/+7
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Provide asn1_built() to construct a cursor from a builderMichael Brown2017-06-201-0/+24
| | | | | | | | | | | | | Our ASN.1 parsing code uses a struct asn1_cursor, while the object construction code uses a struct asn1_builder. These structures are identical apart from the const modifier applied to the data pointer in struct asn1_cursor. Provide asn1_built() to safely typecast a struct asn1_builder to a struct asn1_cursor, allowing constructed objects to be passed to functions expecting a struct asn1_cursor. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Expose asn1_grow()Michael Brown2017-06-201-0/+1
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Expose RSA_CTX_SIZE constantMichael Brown2017-06-201-0/+3
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [usb] Allow for USB network devices with no interrupt endpointMichael Brown2017-06-141-1/+13
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [acpi] Expose ACPI tables via settings mechanismMichael Brown2017-05-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | | Allow values to be read from ACPI tables using the syntax ${acpi/<signature>.<index>.0.<offset>.<length>} where <signature> is the ACPI table signature as a 32-bit hexadecimal number (e.g. 0x41504093 for the 'APIC' signature on the MADT), <index> is the index into the array of tables matching this signature, <offset> is the byte offset within the table, and <length> is the field length in bytes. Numeric values are returned in reverse byte order, since ACPI numeric values are usually little-endian. For example: ${acpi/0x41504943.0.0.0.0} - entire MADT table in raw hex ${acpi/0x41504943.0.0.0x0a.6:string} - MADT table OEM ID ${acpi/0x41504943.0.0.0x24.4:uint32} - local APIC address Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [efi] Provide access to ACPI tablesMichael Brown2017-05-233-0/+67
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [acpi] Make acpi_find_rsdt() a per-platform methodMichael Brown2017-05-232-16/+69
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [settings] Extend numerical setting tags to 64 bitsMichael Brown2017-05-221-1/+1
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [hyperv] Cope with Windows Server 2016 enlightenmentsMichael Brown2017-04-282-0/+29
| | | | | | | | | | | | | | | | | | | | | | | An "enlightened" external bootloader (such as Windows Server 2016's winload.exe) may take ownership of the Hyper-V connection before all INT 13 operations have been completed. When this happens, all VMBus devices are implicitly closed and we are left with a non-functional network connection. Detect when our Hyper-V connection has been lost (by checking the SynIC message page MSR). Reclaim ownership of the Hyper-V connection and reestablish any VMBus devices, without disrupting any existing iPXE state (such as IPv4 settings attached to the network device). Windows Server 2016 will not cleanly take ownership of an active Hyper-V connection. Experimentation shows that we can quiesce by resetting only the SynIC message page MSR; this results in a successful SAN boot (on a Windows 2012 R2 physical host). Choose to quiesce by resetting (almost) all MSRs, in the hope that this will be more robust against corner cases such as a stray synthetic interrupt occurring during the handover. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [block] Provide abstraction to allow system to be quiescedMichael Brown2017-04-261-0/+31
| | | | | | | | | | | | | | | | | | When performing a SAN boot via INT 13, there is no way for the operating system to indicate that it has finished using the INT 13 SAN device. We therefore have no opportunity to clean up state before the loaded operating system's native drivers take over. This can cause problems when booting Windows, which tends not to be forgiving of unexpected system state. Windows will typically write a flag to the SAN device as the last action before transferring control to the native drivers. We can use this as a heuristic to bring the system to a quiescent state (without performing a full shutdown); this provides us an opportunity to temporarily clean up state that could otherwise prevent a successful Windows boot. Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [block] Provide sandev_read() and sandev_write() as global symbolsMichael Brown2017-04-261-6/+4Star
| | | | Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [block] Allow use of a non-default EFI SAN boot filenameMichael Brown2017-04-123-1/+10
| | | | | | | | | | | | | | | | | | | | | | | Some older operating systems (e.g. RHEL6) use a non-default filename on the root disk and rely on setting an EFI variable to point to the bootloader. This does not work when performing a SAN boot on a machine where the EFI variable is not present. Fix by allowing a non-default filename to be specified via the "sanboot --filename" option or the "san-filename" setting. For example: sanboot --filename \efi\redhat\grub.efi \ iscsi:192.168.0.1::::iqn.2010-04.org.ipxe.demo:rhel6 or option ipxe.san-filename code 188 = string; option ipxe.san-filename "\\efi\\redhat\\grub.efi"; option root-path "iscsi:192.168.0.1::::iqn.2010-04.org.ipxe.demo:rhel6"; Originally-implemented-by: Vishvananda Ishaya Abrams <vish.ishaya@oracle.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>