Re: CTF: UEFI HTTP boot support

From: Warner Losh <imp_at_bsdimp.com>
Date: Wed, 17 Jun 2020 21:40:52 -0600

On Wed, Jun 17, 2020 at 9:30 PM Rodney W. Grimes <freebsd-rwg_at_gndrsh.dnsmgr.net> wrote:

> > This is what we have running in AWS right now, kinda proof of concept but
> > it's not that difficult to generalize:
> >
> > [root_at_ip-172-31-10-188 /usr/local/etc/freeswitch]# mdconfig -lv
> > md0     preload   160M  -
> >
> > [root_at_ip-172-31-10-188 /usr/local/etc/freeswitch]# df
> > Filesystem                    512-blocks    Used  Avail Capacity  Mounted on
> > /dev/ufs/root_20200617071427     1300080 1220480  79600    94%    /
> > devfs                                  2       2      0   100%    /dev
> > /dev/ufs/etc_20200617071427         9912    6384   2736    70%    /etc
> > /dev/ufs/local_20200617071427    2746992 2572144 174848    94%    /usr/local
> > /dev/ufs/boot_20200617071427      389560  361208  28352    93%    /boot
> > tmpfs                              65536     624  64912     1%    /tmp
> > tmpfs                              20480      16  20464     0%    /usr/home/ssp-user
> > tmpfs                             524288  336816 187472    64%    /var
> >
> > Root file system is untrimmed 1.2GB UFS, generated with mkuzip compressed
> > down to 160MB with the UZIP, and pre-loaded along with the kernel. The
> > /usr/local file system is read-only UFS+UZIP images placed directly onto
> > the GPT and probed out with GEOM_LABEL. Out of those only /etc is
> > read-write. The idea here is that the box should theoretically survive
> > total loss of connectivity to both root and the /usr/local storage (or we
> > can replace it on the fly with the new version).
> >
> > [root_at_ip-172-31-10-188 /usr/local/etc/freeswitch]# mount
> > /dev/ufs/root_20200617071427 on / (ufs, local, read-only)
> > devfs on /dev (devfs, local, multilabel)
> > /dev/ufs/etc_20200617071427 on /etc (ufs, local, synchronous)
> > /dev/ufs/local_20200617071427 on /usr/local (ufs, local, read-only)
> > /dev/ufs/boot_20200617071427 on /boot (ufs, local, read-only)
> > tmpfs on /tmp (tmpfs, local)
> > tmpfs on /usr/home/ssp-user (tmpfs, local)
> > tmpfs on /var (tmpfs, local)
> >
> > Configuration is dead simple:
> >
> > vfs.root.mountfrom="ufs:ufs/root_20200617071427"
> > image_load="YES"
> > image_name="/root.uzp"
> > image_type="mfs_root"
> > autoboot_delay="-1"
> >
> > It takes less than 100 lines of code I think to generate this out of
> > buildworld/buildkernel. 0 third party tools.
> >
> > Replace loading root from disk with loading it from HTTP server and it
> > would work just as well with the only need to load 1 or two files.
>
> I think you're understating several of the stumbling blocks
> that exist here.  As Warner pointed out there are some
> pokey sticks around doing this over the net vs doing this
> from a local disk.
>

BTW, I think this is an excellent area to move from kernel compile options
to kernel env vars that maybe default to the kernel build options for
compat.

And, of course, the sharp bits would be less surprising if well
documented...

Warner
Received on Thu Jun 18 2020 - 01:41:05 UTC
