From: "Dave Cottlehuber"
To: freebsd-current@freebsd.org, "Miguel C"
Cc: "Rodney W. Grimes", "Rebecca Cran", "Warner Losh"
Subject: Re: CTF: UEFI HTTP boot support
Date: Wed, 17 Jun 2020 20:28:21 +0000
In-Reply-To: <202006171752.05HHqo0E086454@gndrsh.dnsmgr.net>

On Wed, 17 Jun 2020, at 17:52, Rodney W. Grimes wrote:
> > Rodney W. Grimes wrote:
> > > > The "fake cd drive" is in the kernel, loader just copies the iso into
> > > > memory like any other module, and by the time that's done you just
> > > > reboot into the newly installed system, which again uses
> > > >
> > > > vfs.root.mountfrom="cd9660:/dev/md0.uzip"
> > >                       ^^^
> > >
> > > Argh, the cd9660 confused me, I think you're doing a
> > > "root on mfs/md"?
> >
> > loader.conf says
> >
> > rootfs_load="yes"
> > rootfs_name="contents.izo"
> > rootfs_type="md_image"
> > vfs.root.mountfrom="cd9660:/dev/md0.uzip"
> >
> > contents.izo is uzip'd contents.iso which file(1)
> > describes as ISO 9660 CD-ROM filesystem data ''
> >
> > That's for normal boot, for the loader 'install' command
> > it expects an uncompressed iso for rootfs.
>
> Ok, now the puzzle is how much work to get from a stock FreeBSD .iso
> image to something that works with this. Obviously we need a non-stock
> /boot/loader.conf file, or to type some commands manually at a loader
> prompt. I believe the stock GENERIC kernel has the md_root support
> for this already, so it may not be that hard to do.

Hi Miguel, all,

I spent a bit of time on UEFI HTTP Boot earlier in the year in qemu,
bhyve, and Intel NUCs -- until everything in the world went to custard.
I made some rough notes[1] and I'll go through them again tonight with a
fresh build. Hopefully it's useful.

What I got stuck on was the final pivot, I have never debugged this
setup before and I'm still not clear at what point things fail.
Olivier's PXE booting and BSDRP were a fantastic reference, and I assume
they work in BSDRP already for him.

Worth noting that LE TLS certs didn't play well with the PXE UEFI
implementation on my Intel NUC, this comes up as a very unhelpful error.
At least use plain HTTP to get started.

While my notes are amd64 oriented I'm very interested in using this for
aarch64 locally & in the clowd.

My loader.conf follows:

boot_multicons="YES"
console="efi,comconsole"
comconsole_speed="115200"
boot_verbose="YES"
# make booting somewhat less painful
#entropy_cache_load="NO"
#kern.random.initial_seeding.bypass_before_seeding="0"
# entropy_cache_load="YES"
# boot_single="YES"
tmpfs_load="YES"
autoboot_delay="-1"
# dump net vars
# exec="show boot.netif.hwaddr"
# exec="show boot.netif.ip"
# exec="show boot.netif.netmask"
# exec="show boot.netif.gateway"
# ensure we have enough ram for our image
vm.kmem_size=2G
vfs.root.mountfrom="ufs:/dev/md0"
# vfs.root.mountfrom.options=ro
mfs_load="YES"
mfs_type="md_image"
mfs_name="/boot/mfs-miniroot"

interesting these are different from what's above in the thread.

references:

[1]: https://hackmd.io/@dch/H1X9RYEZr
[mfsBSD]: https://mfsbsd.vx.sk/ still 150% awesome
[olivier]: https://blog.cochard.me/2019/02/pxe-booting-of-freebsd-disk-image.html
[BSDRP]: https://github.com/ocochard/BSDRP

A+
Dave
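
Added example, not part of Dave's message or of the FreeBSD tree: a small Python check that parses the two loader.conf fragments from this thread and confirms that each one preloads an md_image module and mounts root from an md device, which makes the difference noted above (cd9660 on md0.uzip versus ufs on md0) explicit. The function names and the consistency rules are assumptions made for this illustration.

```python
import re

# Both loader.conf fragments are copied from the thread above.
QUOTED_CONF = '''
rootfs_load="yes"
rootfs_name="contents.izo"
rootfs_type="md_image"
vfs.root.mountfrom="cd9660:/dev/md0.uzip"
'''
DAVE_CONF = '''
vm.kmem_size=2G
vfs.root.mountfrom="ufs:/dev/md0"
# vfs.root.mountfrom.options=ro
mfs_load="YES"
mfs_type="md_image"
mfs_name="/boot/mfs-miniroot"
'''

def parse_loader_conf(text):
    """Return {variable: value}, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r'([\w.]+)\s*=\s*"?([^"#]*)"?', line)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def check_md_root(text):
    """Summarise the preloaded root image and list inconsistencies."""
    conf, problems = parse_loader_conf(text), []
    # Assumed rule: a <prefix>_type="md_image" needs <prefix>_load and _name.
    images = [k[:-5] for k, v in conf.items()
              if k.endswith("_type") and v == "md_image"]
    for p in images:
        if conf.get(p + "_load", "").lower() != "yes":
            problems.append(p + "_load is not YES")
        if not conf.get(p + "_name"):
            problems.append(p + "_name is missing")
    if not images:
        problems.append("no module of type md_image")
    m = re.fullmatch(r"(\w+):/dev/md(\d+)(\.uzip)?",
                     conf.get("vfs.root.mountfrom", ""))
    if not m:
        problems.append("vfs.root.mountfrom is not an md(4) device")
    return {"image": conf.get(images[0] + "_name") if images else None,
            "fstype": m.group(1) if m else None,
            "uzip": bool(m and m.group(3)), "problems": problems}
```

Run over the two fragments, it reports the same md_image preload mechanism in both, with the filesystem type and uzip compression as the only differences.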