From: Miguel C
Date: Wed, 17 Jun 2020 22:32:29 +0100
Subject: Re: CTF: UEFI HTTP boot support
To: Dave Cottlehuber
Cc: freebsd-current, "Rodney W. Grimes", Rebecca Cran, Warner Losh

On Wed, Jun 17, 2020 at 9:28 PM Dave Cottlehuber wrote:

> On Wed, 17 Jun 2020, at 17:52, Rodney W. Grimes wrote:
> > > Rodney W. Grimes wrote:
> > > > > The "fake cd drive" is in the kernel, loader just copies the iso into
> > > > > memory like any other module, and by the time that's done you just
> > > > > reboot into the newly installed system, which again uses
> > > > >
> > > > > vfs.root.mountfrom="cd9660:/dev/md0.uzip"
> > > > ^^^
> > > >
> > > > Argh, the cd9660 confused me, I think you're doing a
> > > > "root on mfs/md"?
> > >
> > > loader.conf says
> > >
> > > rootfs_load="yes"
> > > rootfs_name="contents.izo"
> > > rootfs_type="md_image"
> > > vfs.root.mountfrom="cd9660:/dev/md0.uzip"
> > >
> > > contents.izo is uzip'd contents.iso which file(1)
> > > describes as ISO 9660 CD-ROM filesystem data ''
> > >
> > > That's for normal boot, for the loader 'install' command
> > > it expects an uncompressed iso for rootfs.
> >
> > Ok, now the puzzle is how much work to get from a stock FreeBSD .iso
> > image to something that works with this. Obviously we need a non-stock
> > /boot/loader.conf file, or to type some commands manually at a loader
> > prompt. I believe the stock GENERIC kernel has the md_root support
> > for this already, so it may not be that hard to do.
> >
> Hi Miguel, all,
>
> I spent a bit of time on UEFI HTTP Boot earlier in the year in qemu,
> bhyve, and intel NUCs -- until everything in the world went to custard. I
> made some rough notes[1] and I'll go through them again tonight with a
> fresh build. Hopefully it's useful.
>
> What I got stuck on was the final pivot, I have never debugged this setup
> before and I'm still not clear at what point things fail. Olivier's PXE
> booting and BSDRP were a fantastic reference, and I assume they work in
> BSDRP already for him.
>
> Worth noting that LE TLS certs didn't play well with the PXE UEFI
> implementation on my intel NUC, this comes up as a very unhelpful error. At
> least use plain HTTP to get started.
>
> While my notes are amd64 oriented I'm very interested in using this for
> aarch64 locally & in the clowd.
>
> My loader.conf follows:
>
> boot_multicons="YES"
> console="efi,comconsole"
> comconsole_speed="115200"
> boot_verbose="YES"
> # make booting somewhat less painful
> #entropy_cache_load="NO"
> #kern.random.initial_seeding.bypass_before_seeding="0"
> # entropy_cache_load="YES"
> # boot_single="YES"
> tmpfs_load="YES"
> autoboot_delay="-1"
> # dump net vars
> # exec="show boot.netif.hwaddr"
> # exec="show boot.netif.ip"
> # exec="show boot.netif.netmask"
> # exec="show boot.netif.gateway"
> # ensure we have enough ram for our image
> vm.kmem_size=2G
> vfs.root.mountfrom="ufs:/dev/md0"
> # vfs.root.mountfrom.options=ro
> mfs_load="YES"
> mfs_type="md_image"
> mfs_name="/boot/mfs-miniroot"
>
> interesting these are different from what's above in the thread.
>
>

Ah thanks a lot for this and for the references, especially the first one
with all the notes :D

references:
>
> [1]: https://hackmd.io/@dch/H1X9RYEZr
> [mfsBSD]: https://mfsbsd.vx.sk/ still 150% awesome
> [olivier]: https://blog.cochard.me/2019/02/pxe-booting-of-freebsd-disk-image.html
> [BSDRP]: https://github.com/ocochard/BSDRP
>
> A+
> Dave
>