A relatively common user mistake is to attempt to boot an EFI executable (such as grub.efi) using a BIOS version of iPXE. Unfortunately there are no signature checks that we can use to unambiguously identify a PXE NBP, since a PXE NBP is just raw machine code. We therefore have to accept anything sufficiently small to fit into base memory as a valid PXE NBP. We can detect that a file might be an EFI executable by checking for the initial "MZ" signature bytes. This does not necessarily preclude the file from also being a PXE NBP (since it would be possible to create a hybrid binary which acts as both an EFI executable and a PXE NBP, similar to the way in which wimboot and the Linux kernel are hybrid binaries which act as both an EFI executable and a bzImage). If the initial "MZ" signature bytes are present, then attempt to warn the user by setting the image type to "PXE-NBP (may be EFI?)". We can't (sensibly) prevent the user from accidentally running an EFI executable as a PXE NBP, but we can at least make it easier for the user to identify their mistake. Inspired-by: Robin Smidsrød <robin@smidsrod.no> Inspired-by: Wissam Shoukair <wissams@mellanox.com> Signed-off-by: Michael Brown <mcb30@ipxe.org>

8 년 전 · fb4ce72e64
--- a/src/arch/i386/image/pxe_image.c
+++ b/src/arch/i386/image/pxe_image.c
@@ -38,6 +38,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 
				
				 #include <ipxe/netdevice.h>
			
 
				
				 #include <ipxe/features.h>
			
 
				
				 #include <ipxe/console.h>
			
 
				
				+#include <ipxe/efi/efi.h>
			
 
				
				+#include <ipxe/efi/IndustryStandard/PeImage.h>
			
 
				
				 
			
 
				
				 FEATURE ( FEATURE_IMAGE, "PXE", DHCP_EB_FEATURE_PXE, 1 );
			
 
				
				 
			
@@ -125,9 +127,45 @@ int pxe_probe ( struct image *image ) {
 
				
				 	return 0;
			
 
				
				 }
			
 
				
				 
			
 
				
				+/**
			
 
				
				+ * Probe PXE image (with rejection of potential EFI images)
			
 
				
				+ *
			
 
				
				+ * @v image		PXE file
			
 
				
				+ * @ret rc		Return status code
			
 
				
				+ */
			
 
				
				+int pxe_probe_no_mz ( struct image *image ) {
			
 
				
				+	uint16_t magic;
			
 
				
				+	int rc;
			
 
				
				+
			
 
				
				+	/* Probe PXE image */
			
 
				
				+	if ( ( rc = pxe_probe ( image ) ) != 0 )
			
 
				
				+		return rc;
			
 
				
				+
			
 
				
				+	/* Reject image with an "MZ" signature which may indicate an
			
 
				
				+	 * EFI image incorrectly handed out to a BIOS system.
			
 
				
				+	 */
			
 
				
				+	if ( image->len >= sizeof ( magic ) ) {
			
 
				
				+		copy_from_user ( &magic, image->data, 0, sizeof ( magic ) );
			
 
				
				+		if ( magic == cpu_to_le16 ( EFI_IMAGE_DOS_SIGNATURE ) ) {
			
 
				
				+			DBGC ( image, "IMAGE %p may be an EFI image\n",
			
 
				
				+			       image );
			
 
				
				+			return -ENOTTY;
			
 
				
				+		}
			
 
				
				+	}
			
 
				
				+
			
 
				
				+	return 0;
			
 
				
				+}
			
 
				
				+
			
 
				
				 /** PXE image type */
			
 
				
				-struct image_type pxe_image_type __image_type ( PROBE_PXE ) = {
			
 
				
				-	.name = "PXE",
			
 
				
				-	.probe = pxe_probe,
			
 
				
				-	.exec = pxe_exec,
			
 
				
				+struct image_type pxe_image_type[] __image_type ( PROBE_PXE ) = {
			
 
				
				+	{
			
 
				
				+		.name = "PXE-NBP",
			
 
				
				+		.probe = pxe_probe_no_mz,
			
 
				
				+		.exec = pxe_exec,
			
 
				
				+	},
			
 
				
				+	{
			
 
				
				+		.name = "PXE-NBP (may be EFI?)",
			
 
				
				+		.probe = pxe_probe,
			
 
				
				+		.exec = pxe_exec,
			
 
				
				+	},
			
 
				
				 };