robin.thoni
/
ipxe
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
Browse Source

[pxe] Warn about PXE NBPs that may be EFI executables 

A relatively common user mistake is to attempt to boot an EFI
executable (such as grub.efi) using a BIOS version of iPXE.

Unfortunately there are no signature checks that we can use to
unambiguously identify a PXE NBP, since a PXE NBP is just raw machine
code.  We therefore have to accept anything sufficiently small to fit
into base memory as a valid PXE NBP.

We can detect that a file might be an EFI executable by checking for
the initial "MZ" signature bytes.  This does not necessarily preclude
the file from also being a PXE NBP (since it would be possible to
create a hybrid binary which acts as both an EFI executable and a PXE
NBP, similar to the way in which wimboot and the Linux kernel are
hybrid binaries which act as both an EFI executable and a bzImage).

If the initial "MZ" signature bytes are present, then attempt to warn
the user by setting the image type to "PXE-NBP (may be EFI?)".  We
can't (sensibly) prevent the user from accidentally running an EFI
executable as a PXE NBP, but we can at least make it easier for the
user to identify their mistake.

Inspired-by: Robin Smidsrød <robin@smidsrod.no>
Inspired-by: Wissam Shoukair <wissams@mellanox.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown 9 years ago
parent
0a34c2aab9
commit
fb4ce72e64
1 changed files with 42 additions and 4 deletions
Unified View Show Diff Stats
  1. 42
    4
      src/arch/i386/image/pxe_image.c

+ 42
- 4
src/arch/i386/image/pxe_image.c View File

38 
 #include <ipxe/netdevice.h>
 38 
 #include <ipxe/netdevice.h>
39 
 #include <ipxe/features.h>
 39 
 #include <ipxe/features.h>
40 
 #include <ipxe/console.h>
 40 
 #include <ipxe/console.h>
41 
+#include <ipxe/efi/efi.h>
42 
+#include <ipxe/efi/IndustryStandard/PeImage.h>
41
43
42 
 FEATURE ( FEATURE_IMAGE, "PXE", DHCP_EB_FEATURE_PXE, 1 );
 44 
 FEATURE ( FEATURE_IMAGE, "PXE", DHCP_EB_FEATURE_PXE, 1 );
43
45
125 
 	return 0;
 127 
 	return 0;
126 
 }
 128 
 }
127
129
130 
+/**
131 
+ * Probe PXE image (with rejection of potential EFI images)
132 
+ *
133 
+ * @v image		PXE file
134 
+ * @ret rc		Return status code
135 
+ */
136 
+int pxe_probe_no_mz ( struct image *image ) {
137 
+	uint16_t magic;
138 
+	int rc;
139 
+
140 
+	/* Probe PXE image */
141 
+	if ( ( rc = pxe_probe ( image ) ) != 0 )
142 
+		return rc;
143 
+
144 
+	/* Reject image with an "MZ" signature which may indicate an
145 
+	 * EFI image incorrectly handed out to a BIOS system.
146 
+	 */
147 
+	if ( image->len >= sizeof ( magic ) ) {
148 
+		copy_from_user ( &magic, image->data, 0, sizeof ( magic ) );
149 
+		if ( magic == cpu_to_le16 ( EFI_IMAGE_DOS_SIGNATURE ) ) {
150 
+			DBGC ( image, "IMAGE %p may be an EFI image\n",
151 
+			       image );
152 
+			return -ENOTTY;
153 
+		}
154 
+	}
155 
+
156 
+	return 0;
157 
+}
158 
+
128 
 /** PXE image type */
 159 
 /** PXE image type */
129 
-struct image_type pxe_image_type __image_type ( PROBE_PXE ) = {
130 
-	.name = "PXE",
131 
-	.probe = pxe_probe,
132 
-	.exec = pxe_exec,
160 
+struct image_type pxe_image_type[] __image_type ( PROBE_PXE ) = {
161 
+	{
162 
+		.name = "PXE-NBP",
163 
+		.probe = pxe_probe_no_mz,
164 
+		.exec = pxe_exec,
165 
+	},
166 
+	{
167 
+		.name = "PXE-NBP (may be EFI?)",
168 
+		.probe = pxe_probe,
169 
+		.exec = pxe_exec,
170 
+	},
133 
 };
 171 
 };

Write Preview
Loading…
Cancel
Save