Re: CTF: UEFI HTTP boot support

From: Miguel C <miguelmclara_at_gmail.com>
Date: Wed, 17 Jun 2020 22:28:38 +0100

On Wed, Jun 17, 2020 at 7:00 PM Rodney W. Grimes <freebsd-rwg_at_gndrsh.dnsmgr.net> wrote:

> > On Tue., Jun. 16, 2020, 8:35 a.m. Rodney W. Grimes, <freebsd-rwg_at_gndrsh.dnsmgr.net> wrote:
> >
> > > > I've been trying out FreeBSD with raspberry Pi4 (4GB) and wanted to see
> > > > what the state of HTTP BOOT is in FreeBSD, so I bumped into this!
> > > >
> > > > I'm curious if it should be possible to point to a img/iso directly (I
> > > > tried to use the img.xz unpacked it and make it available on a local web
> > > > server and that didn't seem to work for me)  but maybe that's cause those
> > > > images miss something, so arm64 aside does that work for amd64? I.E. using
> > > > the bootonly.iso?
> > >
> > > One problem you run into in attempting this is even if you get an
> > > image downloaded and started that image is being provided by some
> > > memory device driver that emulates some type of iso device.
> > > FreeBSD does not have a driver for that device so once the kernel
> > > gets to the point of mounting its root file system it falls on
> > > its face with a mountroot failure.
> > >
> >
> > I donno what you are talking about Rodney, frankly! Your information might
> > be way outdated, like 15 years outdated. :) FreeBSD comes with very decent
> > compressed image support in MD(4)+geom_uzip, which could be just UFS
> > snapshot or something created with mkimg utility. That said image could be
> > then either loaded after the kernel or embedded into one. Using this
> > approach we deploy our systems here, both kernel and all root + python
> > interpreter + custom gui installer fit into 40mb ISO but apart from loader
> > bits it's just two files.
>
> Max,
>         Let me try to explain what this user is actually experiencing,
> and that is taking a box stock linux distro, sticking it on a webserver
> and using PXE/HTTP booting to a running system.  FreeBSD can not
> achieve that today WITHOUT some additional work.  All that
> stuff like UFS snapshot, mkimg utility, embedding the image is a ton
> of work compared to what others are doing.
>

Well actually I've been using OpenBSD to test not linux, I'm using
https://rpi4-uefi.dev/ (not the stock firmware).

This firmware does have UEFI HTTP support and as stated below UEFI 2.5
supports booting from just an iso or img file, ofc the OS needs to support
this too.

You can even point it to the internet FWIW but I was actually downloading
miniroot67.img  (openbsd installer) and serving it locally!

Creating a HTTP Boot entry manually in UEFI works perfectly with this and I
can get to the shell, and even use it to install to a USB drive or sdcard.

>
> This person probably does not even have a running FreeBSD box to do
> any of your suggested solutions on.
>
>
No really I do have FreeBSD boxes, I just wanted to clarify that; I'm not
too familiar with the process of making system images but I can learn.


> So give me some credit, I have only been doing "diskless" since 1982,
> and actually do exactly what the OP is doing with Esxi, Ubuntu, Windows
> Installers, etc.  Just my choice of protocol at the PXE layer is NFS
> instead of HTTP, but my config files can do HTTP with 1 variable change
> and point a web server at the root of my boot images tree.
>
>
> I even have a menu entry that sends me off to:
>         https://netboot.xyz/
>
> Regards,
> Rod
>
> >
> > -Max
> >
> >
> > > >
> > > > And on the other hand is there any doc on how to set up dhcp/http specific
> > > > to FreeBSD similar to https://en.opensuse.org/UEFI_HTTPBoot_Server_Setup ?
> > >
> > > Since Linux uses this idea of a kernel payload and an initrd payload
> > > to boot with it is much easier to get these 2 things over the network
> > > and then have a workable system.  FreeBSD does not have the initrd
> > > payload and that complicates things, you need a functional filesystem
> > > available at the end of kernel initialization.
> > > >
> > > > I looked into https://www.freebsd.org/doc/handbook/network-diskless.html
> > > > but that doesn't seem to be up to date (or at least it focuses only on PXE
> > > > and TFTP).
> > >
> > > Yes, old but workable.  I have a more advanced system that supports NFS
> > > booting using NFS support in PXE.  The only thing done via tftp is to
> > > upgrade the PXE running on the client to one that speaks NFS, then the
> > > kernel is loaded via NFS and the root file system is later provided
> > > via NFS.  The use of NFS provides very fast boots, and I do not need
> > > a web server to do it :-).
> > >
> > > > For clarification my ultimate goal is to use a few pi4's as "thin clients",
> > > > so eventually I will have to setup an image of the system with the needed
> > > > software (freerdp) but for starters I just wanted to check if pointing
> > > > directly to a img/iso would work and that does not seem to be the case.
> > >
> > > I would strongly suggest use of NFS instead of trying to provide an
> > > ISO image, as you no longer need to store the ISO in memory on the
> > > client box, and with a pi4 you're already memory constrained.
> > >
> > > > Thanks.
> > > > _______________________________________________
> > > > freebsd-current_at_freebsd.org mailing list
> > > > https://lists.freebsd.org/mailman/listinfo/freebsd-current
> > > > To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
> > > --
> > > Rod Grimes
> > > rgrimes_at_freebsd.org
> > >
> > >
>
> --
> Rod Grimes
> rgrimes_at_freebsd.org
>
Received on Wed Jun 17 2020 - 19:29:18 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:24 UTC