SlideShare ist ein Scribd-Unternehmen logo

UEFI HTTP/HTTPS Boot LinuxCon China 2017

L
LinuxCon ContainerCon CloudOpen China

Presentation delivered at LinuxCon China 2016 UEFI HTTP/HTTPS Boot is a new feature of UEFI 2.5+. In the meantime, this feature is not yet implemented in any Linux bootloader. This Birds of a Feather session will give an introduction to UEFI HTTP/HTTPS Boot, and share a proof-of-concept implementation based on grub2 that works on both the emulator (QEMU/OVMF) and HPE ProLiant Gen10 servers. For HTTPS, the experience and comparison will be shared between the purely software-based and UEFI-based implementations in the aspects of ease of implementation, security strength, and limitation.

Technologie
1 von 13
Downloaden Sie, um offline zu lesen
UEFI HTTP/HTTPS Boot LinuxCon China 2017 Keng-Yu Lin <kengyu@hpe.com> June 20, 2017
Agenda • UEFI HTTP(s) Boot introduction • HPE UEFI HTTP Boot PoC based on GRUB2 • Share obstacles • Open discussion 2
UEFI HTTP(s) Boot Modes Corporate Environment Home Environment 3 DHCP Server with HTTPBoot Extension * Analogous to PXE with TFTP replaced by HTTP(s) Standard DHCP Server * User inputs a URL of a UEFI bootloader and then the system boot from there.
Comparison 4 UEFI HTTP(s) Boot PXE IPv4 & IPv6 IPv4 only UEFI 2.5 plus + DHCP extension + HTTP server UEFI or legacy BIOS + DHCP extension + TFTP server Standard DNS setup dnsmasq as the DNS forwarder HTTP server has a variety of access control TFTP has no access control Both UEFI firmware & the bootloader use HTTP Many bootloaders have supported HTTP. TFTP looks redundant 1. PXE-enabled BIOS to load the bootloader (aka Network Bootstrap Program, NBP) 2. HTTP-enabled bootloader loads kernel+initrd via HTTP SSL/TLS support (HTTPS) N/A
Example 5 Linux HTTP(s) client server kernel NBP DHCPOFFER with NBP location info Request for the NBP HTTP(s) NBPUEFI HTTPserver Request for loading the Linux kernel and initrd initrd HTTP(s) DHCPDISCOVERY DHCPserver (screenshot from EDK2/OVMF)
UEFI HTTP Protocol Usage 6 • Application-level API • No socket/TCP/UDP • Standard HTTP usage • Standard UEFI usage
GRUB2 Modular Architecture 7 efihttp.mod kernel.img net.mod efinet.mod crypto.mod http.mod normal.mod terminal.mod extcmd.mod execute load mmap.mod echo.mod load load load load load load load load load load load GRUB2 is not a single binary. It contains a lot of separate modules and they are only loaded when needed.
Software-Based Implementation - Patches* from HPE & SuSE - Only use http.mod from GRUB2 - Obstacles of HTTPS - No https.mod in GRUB2 - GRUB2 to use openssl or GnuTLS is error-prone - Saving the certificates in software is dangerous - UEFI already provides good and simple APIs to use. - Disadvantages: only works on UEFI-enabled machines 8 * https://lists.gnu.org/archive/html/grub-devel/2016-08/msg00000.html https://lists.gnu.org/archive/html/grub-devel/2016-12/msg00088.html (screenshot from EDK2/OVMF) SSL certificate in x.509 or PEM format
UEFI-Based HTTP Implementation - HPE PoC works on OVMF/QEMU - Preliminary test works on HPE ProLiant Gen10 servers - RFC patchset sent to the GRUB2 upstream - GRUB2 maintainers’ comments: • Prefers the software-based solution with GnuTLS library • Works on non-UEFI arches • Need MNP NIC driver rather than SNP for UEFI HTTP(s) protocols 9 * http://lists.gnu.org/archive/html/grub-devel/2017-01/msg00016.html
Obstacle of NIC Driver in GRUB2 – SNP & MNP – Simple Network Protocol, SNP (UEFI 2.6 spec. 23.1) – “This protocol can be used to as a building block in a full UDP and TCP/IP implementation that can produce a variety of application level network interface” – Managed Network Protocol, MNP (UEFI 2.6 spec. 24.1) – “MNP provides raw (unformatted) asynchronous network packet I/O services. The services make it possible for multiple-event-driven drivers and applications to access and use the system network interfaces at the same time.” – In short – GRUB2 only implements SNP network driver – SNP has no “multiplex access” ability – HTTP(s) are an application-level protocols – If GRUB2 and UEFI firmware issue HTTP requests at the same time, there could be race conditions 10 NBP (GRUB2) Software Firmware MNP driver N/A
Interactive Source Level GRUB2 / OVMF Co-Debugging 11 QEMU w/ gdbserver OVMF Debug Build * GRUB2 Debug Build ** Load / Execute Load / Execute * http://feishare.com/efimail/messages/20140619-0534-_edk2__source_level_debugging_of_OVMF_with_gdb-Laszlo_Ersek.html ** http://wjhowto.googlepages.com/grub2-r2300-2340-elfgdb.patch ** http://svnweb.mageia.org/packages/cauldron/grub2/current/SOURCES/10005-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch GDB Client Connect 1 Load Symbol Address2 Load Symbol Address3 Source Level Debug Session4
Summary – Works on HPE ProLiant Gen10 servers & EDK2/OVMF + QEMU – HPE is the major contributor of UEFI HTTP(s) Boot in EDK2 – HPE is driving the support in Linux bootloaders 12
Open Discussion 13

Empfohlen

Ixgbe internals
Ixgbe internalsIxgbe internals
Ixgbe internalsSUSE Labs Taipei
 
IntelON 2021 Processor Benchmarking
IntelON 2021 Processor BenchmarkingIntelON 2021 Processor Benchmarking
IntelON 2021 Processor BenchmarkingBrendan Gregg
 
The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageThe Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageKernel TLV
 
LISA2019 Linux Systems Performance
LISA2019 Linux Systems PerformanceLISA2019 Linux Systems Performance
LISA2019 Linux Systems PerformanceBrendan Gregg
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
Linux MMAP & Ioremap introduction
Linux MMAP & Ioremap introductionLinux MMAP & Ioremap introduction
Linux MMAP & Ioremap introductionGene Chang
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Brendan Gregg
 

Empfohlen

Ixgbe internals
Ixgbe internalsIxgbe internals
Ixgbe internalsSUSE Labs Taipei
 
IntelON 2021 Processor Benchmarking
IntelON 2021 Processor BenchmarkingIntelON 2021 Processor Benchmarking
IntelON 2021 Processor BenchmarkingBrendan Gregg
 
The Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageThe Linux Block Layer - Built for Fast Storage
The Linux Block Layer - Built for Fast StorageKernel TLV
 
LISA2019 Linux Systems Performance
LISA2019 Linux Systems PerformanceLISA2019 Linux Systems Performance
LISA2019 Linux Systems PerformanceBrendan Gregg
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
 
BPF Internals (eBPF)
BPF Internals (eBPF)BPF Internals (eBPF)
BPF Internals (eBPF)Brendan Gregg
 
Linux MMAP & Ioremap introduction
Linux MMAP & Ioremap introductionLinux MMAP & Ioremap introduction
Linux MMAP & Ioremap introductionGene Chang
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Brendan Gregg
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
Linux Profiling at Netflix
Linux Profiling at NetflixLinux Profiling at Netflix
Linux Profiling at NetflixBrendan Gregg
 
U boot porting guide for SoC
U boot porting guide for SoCU boot porting guide for SoC
U boot porting guide for SoCMacpaul Lin
 
Kernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at FacebookKernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at FacebookAnne Nicolas
 
Dpdk performance
Dpdk performanceDpdk performance
Dpdk performanceStephen Hemminger
 
Linux Interrupts
Linux InterruptsLinux Interrupts
Linux InterruptsKernel TLV
 
Linux Internals - Part II
Linux Internals - Part IILinux Internals - Part II
Linux Internals - Part IIEmertxe Information Technologies Pvt Ltd
 
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondKernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
 
Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Brendan Gregg
 
Computing Performance: On the Horizon (2021)
Computing Performance: On the Horizon (2021)Computing Performance: On the Horizon (2021)
Computing Performance: On the Horizon (2021)Brendan Gregg
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 
Making Linux do Hard Real-time
Making Linux do Hard Real-timeMaking Linux do Hard Real-time
Making Linux do Hard Real-timeNational Cheng Kung University
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelThomas Graf
 
FPGA+SoC+Linux実践勉強会資料
FPGA+SoC+Linux実践勉強会資料FPGA+SoC+Linux実践勉強会資料
FPGA+SoC+Linux実践勉強会資料一路 川染
 
It's Time to ROCm!
It's Time to ROCm!It's Time to ROCm!
It's Time to ROCm!inside-BigData.com
 
Velocity 2015 linux perf tools
Velocity 2015 linux perf toolsVelocity 2015 linux perf tools
Velocity 2015 linux perf toolsBrendan Gregg
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringScyllaDB
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf
 
Disaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoFDisaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoFShapeBlue
 
DMA Survival Guide
DMA Survival GuideDMA Survival Guide
DMA Survival GuideKernel TLV
 
Libvirt API Certification
Libvirt API CertificationLibvirt API Certification
Libvirt API CertificationLinuxCon ContainerCon CloudOpen China
 
How Open Source Communities do Standardization
How Open Source Communities do StandardizationHow Open Source Communities do Standardization
How Open Source Communities do StandardizationLinuxCon ContainerCon CloudOpen China
 

Weitere ähnliche Inhalte

Was ist angesagt?

Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking ExplainedThomas Graf
 
Linux Profiling at Netflix
Linux Profiling at NetflixLinux Profiling at Netflix
Linux Profiling at NetflixBrendan Gregg
 
U boot porting guide for SoC
U boot porting guide for SoCU boot porting guide for SoC
U boot porting guide for SoCMacpaul Lin
 
Kernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at FacebookKernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at FacebookAnne Nicolas
 
Linux Interrupts
Linux InterruptsLinux Interrupts
Linux InterruptsKernel TLV
 
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondKernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondAnne Nicolas
 
Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Brendan Gregg
 
Computing Performance: On the Horizon (2021)
Computing Performance: On the Horizon (2021)Computing Performance: On the Horizon (2021)
Computing Performance: On the Horizon (2021)Brendan Gregg
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and moreBrendan Gregg
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelThomas Graf
 
FPGA+SoC+Linux実践勉強会資料
FPGA+SoC+Linux実践勉強会資料FPGA+SoC+Linux実践勉強会資料
FPGA+SoC+Linux実践勉強会資料一路 川染
 
Velocity 2015 linux perf tools
Velocity 2015 linux perf toolsVelocity 2015 linux perf tools
Velocity 2015 linux perf toolsBrendan Gregg
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringScyllaDB
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KernelThomas Graf
 
Disaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoFDisaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoFShapeBlue
 
DMA Survival Guide
DMA Survival GuideDMA Survival Guide
DMA Survival GuideKernel TLV
 

Was ist angesagt? (20)

Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
 
Linux Profiling at Netflix
Linux Profiling at NetflixLinux Profiling at Netflix
Linux Profiling at Netflix
 
U boot porting guide for SoC
U boot porting guide for SoCU boot porting guide for SoC
U boot porting guide for SoC
 
Kernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at FacebookKernel Recipes 2019 - BPF at Facebook
Kernel Recipes 2019 - BPF at Facebook
 
Dpdk performance
Dpdk performanceDpdk performance
Dpdk performance
 
Linux Interrupts
Linux InterruptsLinux Interrupts
Linux Interrupts
 
Linux Internals - Part II
Linux Internals - Part IILinux Internals - Part II
Linux Internals - Part II
 
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric LeblondKernel Recipes 2017 - EBPF and XDP - Eric Leblond
Kernel Recipes 2017 - EBPF and XDP - Eric Leblond
 
Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)Performance Wins with eBPF: Getting Started (2021)
Performance Wins with eBPF: Getting Started (2021)
 
Computing Performance: On the Horizon (2021)
Computing Performance: On the Horizon (2021)Computing Performance: On the Horizon (2021)
Computing Performance: On the Horizon (2021)
 
BPF: Tracing and more
BPF: Tracing and moreBPF: Tracing and more
BPF: Tracing and more
 
Making Linux do Hard Real-time
Making Linux do Hard Real-timeMaking Linux do Hard Real-time
Making Linux do Hard Real-time
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux KernelAccelerating Envoy and Istio with Cilium and the Linux Kernel
Accelerating Envoy and Istio with Cilium and the Linux Kernel
 
FPGA+SoC+Linux実践勉強会資料
FPGA+SoC+Linux実践勉強会資料FPGA+SoC+Linux実践勉強会資料
FPGA+SoC+Linux実践勉強会資料
 
It's Time to ROCm!
It's Time to ROCm!It's Time to ROCm!
It's Time to ROCm!
 
Velocity 2015 linux perf tools
Velocity 2015 linux perf toolsVelocity 2015 linux perf tools
Velocity 2015 linux perf tools
 
High-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uringHigh-Performance Networking Using eBPF, XDP, and io_uring
High-Performance Networking Using eBPF, XDP, and io_uring
 
eBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux KerneleBPF - Rethinking the Linux Kernel
eBPF - Rethinking the Linux Kernel
 
Disaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoFDisaggregating Ceph using NVMeoF
Disaggregating Ceph using NVMeoF
 
DMA Survival Guide
DMA Survival GuideDMA Survival Guide
DMA Survival Guide
 

Andere mochten auch

See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...LinuxCon ContainerCon CloudOpen China
 

Andere mochten auch (20)

Libvirt API Certification
Libvirt API CertificationLibvirt API Certification
Libvirt API Certification
 
How Open Source Communities do Standardization
How Open Source Communities do StandardizationHow Open Source Communities do Standardization
How Open Source Communities do Standardization
 
Fully automated kubernetes deployment and management
Fully automated kubernetes deployment and managementFully automated kubernetes deployment and management
Fully automated kubernetes deployment and management
 
Unikernelized Linux
Unikernelized LinuxUnikernelized Linux
Unikernelized Linux
 
The Open vSwitch and OVN Projects
The Open vSwitch and OVN ProjectsThe Open vSwitch and OVN Projects
The Open vSwitch and OVN Projects
 
64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVM64-bit ARM Unikernels on uKVM
64-bit ARM Unikernels on uKVM
 
Running Legacy Applications with Containers
Running Legacy Applications with ContainersRunning Legacy Applications with Containers
Running Legacy Applications with Containers
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
 
Policy-based Resource Placement
Policy-based Resource PlacementPolicy-based Resource Placement
Policy-based Resource Placement
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...
 
Rethinking the OS
Rethinking the OSRethinking the OS
Rethinking the OS
 
OCI Support in Mesos
OCI Support in MesosOCI Support in Mesos
OCI Support in Mesos
 
Building a Better Thermostat
Building a Better ThermostatBuilding a Better Thermostat
Building a Better Thermostat
 
Obstacles & Solutions for Livepatch Support on ARM64 Architecture
Obstacles & Solutions for Livepatch Support on ARM64 ArchitectureObstacles & Solutions for Livepatch Support on ARM64 Architecture
Obstacles & Solutions for Livepatch Support on ARM64 Architecture
 
LiteOS
LiteOS LiteOS
LiteOS
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for Containers
 
Linux Kernel Development
Linux Kernel DevelopmentLinux Kernel Development
Linux Kernel Development
 
OpenStack on AArch64
OpenStack on AArch64OpenStack on AArch64
OpenStack on AArch64
 
Hyperledger Technical Community in China.
Hyperledger Technical Community in China. Hyperledger Technical Community in China.
Hyperledger Technical Community in China.
 
OpenDaylight OpenStack Integration
OpenDaylight OpenStack IntegrationOpenDaylight OpenStack Integration
OpenDaylight OpenStack Integration
 

Ähnlich wie UEFI HTTP/HTTPS Boot LinuxCon China 2017

2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...Shawn Wells
 
OSDC 2014 ONIE by Nat Morris
OSDC 2014 ONIE by Nat MorrisOSDC 2014 ONIE by Nat Morris
OSDC 2014 ONIE by Nat MorrisCumulus Networks
 
[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이...
[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이...[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이...
[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이...OpenStack Korea Community
 
pfSense 2.2 Preview - pfSense Hangout November 2014
pfSense 2.2 Preview - pfSense Hangout November 2014pfSense 2.2 Preview - pfSense Hangout November 2014
pfSense 2.2 Preview - pfSense Hangout November 2014Netgate
 
The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014Puppet
 
OSDC 2014: Nat Morris - Open Network Install Environment
OSDC 2014: Nat Morris - Open Network Install EnvironmentOSDC 2014: Nat Morris - Open Network Install Environment
OSDC 2014: Nat Morris - Open Network Install EnvironmentNETWAYS
 
Nginx 0.8.x + php 5.2.13 (fast cgi) setup web server
Nginx 0.8.x + php 5.2.13 (fast cgi) setup web serverNginx 0.8.x + php 5.2.13 (fast cgi) setup web server
Nginx 0.8.x + php 5.2.13 (fast cgi) setup web serverwruben
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Michelle Holley
 
CodeFest 2013. Mosesohn M. — Automating environments with Cobbler
CodeFest 2013. Mosesohn M. — Automating environments with CobblerCodeFest 2013. Mosesohn M. — Automating environments with Cobbler
CodeFest 2013. Mosesohn M. — Automating environments with CobblerCodeFest
 
Linux sever building
Linux sever buildingLinux sever building
Linux sever buildingEdmond Yu
 
SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)Michael Boman
 
Docker for Java developers at JavaLand
Docker for Java developers at JavaLandDocker for Java developers at JavaLand
Docker for Java developers at JavaLandJohan Janssen
 
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, BerlinONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, BerlinNat Morris
 
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph GaluschkaOpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph GaluschkaOpenNebula Project
 
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaOpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaNETWAYS
 
CentOS Stream at Facebook
CentOS Stream at FacebookCentOS Stream at Facebook
CentOS Stream at FacebookDavide Cavalca
 
DevOPS training - Day 1/2
DevOPS training - Day 1/2DevOPS training - Day 1/2
DevOPS training - Day 1/2Vincent Mercier
 
2009-01-20 RHEL 5.3 for System z
2009-01-20 RHEL 5.3 for System z2009-01-20 RHEL 5.3 for System z
2009-01-20 RHEL 5.3 for System zShawn Wells
 
Installing nagios core_from_source
Installing nagios core_from_sourceInstalling nagios core_from_source
Installing nagios core_from_sourcelaonap166
 
VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1Louis Göhl
 

Ähnlich wie UEFI HTTP/HTTPS Boot LinuxCon China 2017 (20)

2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
 
OSDC 2014 ONIE by Nat Morris
OSDC 2014 ONIE by Nat MorrisOSDC 2014 ONIE by Nat Morris
OSDC 2014 ONIE by Nat Morris
 
[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이...
[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이...[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이...
[OpenStack Day in Korea 2015] Track 1-6 - 갈라파고스의 이구아나, 인프라에 오픈소스를 올리다. 그래서 보이...
 
pfSense 2.2 Preview - pfSense Hangout November 2014
pfSense 2.2 Preview - pfSense Hangout November 2014pfSense 2.2 Preview - pfSense Hangout November 2014
pfSense 2.2 Preview - pfSense Hangout November 2014
 
The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014
 
OSDC 2014: Nat Morris - Open Network Install Environment
OSDC 2014: Nat Morris - Open Network Install EnvironmentOSDC 2014: Nat Morris - Open Network Install Environment
OSDC 2014: Nat Morris - Open Network Install Environment
 
Nginx 0.8.x + php 5.2.13 (fast cgi) setup web server
Nginx 0.8.x + php 5.2.13 (fast cgi) setup web serverNginx 0.8.x + php 5.2.13 (fast cgi) setup web server
Nginx 0.8.x + php 5.2.13 (fast cgi) setup web server
 
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
Install FD.IO VPP On Intel(r) Architecture & Test with Trex*
 
CodeFest 2013. Mosesohn M. — Automating environments with Cobbler
CodeFest 2013. Mosesohn M. — Automating environments with CobblerCodeFest 2013. Mosesohn M. — Automating environments with Cobbler
CodeFest 2013. Mosesohn M. — Automating environments with Cobbler
 
Linux sever building
Linux sever buildingLinux sever building
Linux sever building
 
SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)SoHo Honeypot (LUGS)
SoHo Honeypot (LUGS)
 
Docker for Java developers at JavaLand
Docker for Java developers at JavaLandDocker for Java developers at JavaLand
Docker for Java developers at JavaLand
 
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, BerlinONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
 
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph GaluschkaOpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
OpenNebulaConf 2014 - CentOS, QA and OpenNebula - Christoph Galuschka
 
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph GaluschkaOpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
OpenNebula Conf 2014: CentOS, QA an OpenNebula - Christoph Galuschka
 
CentOS Stream at Facebook
CentOS Stream at FacebookCentOS Stream at Facebook
CentOS Stream at Facebook
 
DevOPS training - Day 1/2
DevOPS training - Day 1/2DevOPS training - Day 1/2
DevOPS training - Day 1/2
 
2009-01-20 RHEL 5.3 for System z
2009-01-20 RHEL 5.3 for System z2009-01-20 RHEL 5.3 for System z
2009-01-20 RHEL 5.3 for System z
 
Installing nagios core_from_source
Installing nagios core_from_sourceInstalling nagios core_from_source
Installing nagios core_from_source
 
VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1VMware vSphere 4.1 deep dive - part 1
VMware vSphere 4.1 deep dive - part 1
 

Mehr von LinuxCon ContainerCon CloudOpen China

Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux ContainersRebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux ContainersLinuxCon ContainerCon CloudOpen China
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...LinuxCon ContainerCon CloudOpen China
 
Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling LinuxCon ContainerCon CloudOpen China
 

Mehr von LinuxCon ContainerCon CloudOpen China (16)

SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home. SecurityPI - Hardening your IoT endpoints in Home.
SecurityPI - Hardening your IoT endpoints in Home.
 
kdump: usage and_internals
kdump: usage and_internalskdump: usage and_internals
kdump: usage and_internals
 
Status of Embedded Linux
Status of Embedded LinuxStatus of Embedded Linux
Status of Embedded Linux
 
Scale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 servicesScale Kubernetes to support 50000 services
Scale Kubernetes to support 50000 services
 
Flowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoTFlowchain: A case study on building a Blockchain for the IoT
Flowchain: A case study on building a Blockchain for the IoT
 
Secure Containers with EPT Isolation
Secure Containers with EPT IsolationSecure Containers with EPT Isolation
Secure Containers with EPT Isolation
 
Open Source Software Business Models Redux
Open Source Software Business Models ReduxOpen Source Software Business Models Redux
Open Source Software Business Models Redux
 
Introduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving ContainerIntroduction to OCI Image Technologies Serving Container
Introduction to OCI Image Technologies Serving Container
 
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux ContainersRebuild - Simplifying Embedded and IoT Development Using Linux Containers
Rebuild - Simplifying Embedded and IoT Development Using Linux Containers
 
From Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering PrimerFrom Resilient to Antifragile Chaos Engineering Primer
From Resilient to Antifragile Chaos Engineering Primer
 
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
High Performance Linux Virtual Machine on Microsoft Azure: SR-IOV Networking ...
 
Linuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharborLinuxcon secureefficientcontainerimagemanagementharbor
Linuxcon secureefficientcontainerimagemanagementharbor
 
Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling Is there still room for innovation in container orchestration and scheduling
Is there still room for innovation in container orchestration and scheduling
 
Container Security
Container SecurityContainer Security
Container Security
 
Quickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStackQuickly Debug VM Failures in OpenStack
Quickly Debug VM Failures in OpenStack
 
Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps. Releasing a Distribution in the Age of DevOps.
Releasing a Distribution in the Age of DevOps.
 

Kürzlich hochgeladen

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 

Kürzlich hochgeladen (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 

UEFI HTTP/HTTPS Boot LinuxCon China 2017

  • 1. UEFI HTTP/HTTPS Boot LinuxCon China 2017 Keng-Yu Lin <kengyu@hpe.com> June 20, 2017
  • 2. Agenda • UEFI HTTP(s) Boot introduction • HPE UEFI HTTP Boot PoC based on GRUB2 • Share obstacles • Open discussion 2
  • 3. UEFI HTTP(s) Boot Modes Corporate Environment Home Environment 3 DHCP Server with HTTPBoot Extension * Analogous to PXE with TFTP replaced by HTTP(s) Standard DHCP Server * User inputs a URL of a UEFI bootloader and then the system boot from there.
  • 4. Comparison 4 UEFI HTTP(s) Boot PXE IPv4 & IPv6 IPv4 only UEFI 2.5 plus + DHCP extension + HTTP server UEFI or legacy BIOS + DHCP extension + TFTP server Standard DNS setup dnsmasq as the DNS forwarder HTTP server has a variety of access control TFTP has no access control Both UEFI firmware & the bootloader use HTTP Many bootloaders have supported HTTP. TFTP looks redundant 1. PXE-enabled BIOS to load the bootloader (aka Network Bootstrap Program, NBP) 2. HTTP-enabled bootloader loads kernel+initrd via HTTP SSL/TLS support (HTTPS) N/A
  • 5. Example 5 Linux HTTP(s) client server kernel NBP DHCPOFFER with NBP location info Request for the NBP HTTP(s) NBPUEFI HTTPserver Request for loading the Linux kernel and initrd initrd HTTP(s) DHCPDISCOVERY DHCPserver (screenshot from EDK2/OVMF)
  • 6. UEFI HTTP Protocol Usage 6 • Application-level API • No socket/TCP/UDP • Standard HTTP usage • Standard UEFI usage
  • 7. GRUB2 Modular Architecture 7 efihttp.mod kernel.img net.mod efinet.mod crypto.mod http.mod normal.mod terminal.mod extcmd.mod execute load mmap.mod echo.mod load load load load load load load load load load load GRUB2 is not a single binary. It contains a lot of separate modules and they are only loaded when needed.
  • 8. Software-Based Implementation - Patches* from HPE & SuSE - Only use http.mod from GRUB2 - Obstacles of HTTPS - No https.mod in GRUB2 - GRUB2 to use openssl or GnuTLS is error-prone - Saving the certificates in software is dangerous - UEFI already provides good and simple APIs to use. - Disadvantages: only works on UEFI-enabled machines 8 * https://lists.gnu.org/archive/html/grub-devel/2016-08/msg00000.html https://lists.gnu.org/archive/html/grub-devel/2016-12/msg00088.html (screenshot from EDK2/OVMF) SSL certificate in x.509 or PEM format
  • 9. UEFI-Based HTTP Implementation - HPE PoC works on OVMF/QEMU - Preliminary test works on HPE ProLiant Gen10 servers - RFC patchset sent to the GRUB2 upstream - GRUB2 maintainers’ comments: • Prefers the software-based solution with GnuTLS library • Works on non-UEFI arches • Need MNP NIC driver rather than SNP for UEFI HTTP(s) protocols 9 * http://lists.gnu.org/archive/html/grub-devel/2017-01/msg00016.html
  • 10. Obstacle of NIC Driver in GRUB2 – SNP & MNP – Simple Network Protocol, SNP (UEFI 2.6 spec. 23.1) – “This protocol can be used to as a building block in a full UDP and TCP/IP implementation that can produce a variety of application level network interface” – Managed Network Protocol, MNP (UEFI 2.6 spec. 24.1) – “MNP provides raw (unformatted) asynchronous network packet I/O services. The services make it possible for multiple-event-driven drivers and applications to access and use the system network interfaces at the same time.” – In short – GRUB2 only implements SNP network driver – SNP has no “multiplex access” ability – HTTP(s) are an application-level protocols – If GRUB2 and UEFI firmware issue HTTP requests at the same time, there could be race conditions 10 NBP (GRUB2) Software Firmware MNP driver N/A
  • 11. Interactive Source Level GRUB2 / OVMF Co-Debugging 11 QEMU w/ gdbserver OVMF Debug Build * GRUB2 Debug Build ** Load / Execute Load / Execute * http://feishare.com/efimail/messages/20140619-0534-_edk2__source_level_debugging_of_OVMF_with_gdb-Laszlo_Ersek.html ** http://wjhowto.googlepages.com/grub2-r2300-2340-elfgdb.patch ** http://svnweb.mageia.org/packages/cauldron/grub2/current/SOURCES/10005-Make-a-gdb-dprintf-that-tells-us-load-addresses.patch GDB Client Connect 1 Load Symbol Address2 Load Symbol Address3 Source Level Debug Session4
  • 12. Summary – Works on HPE ProLiant Gen10 servers & EDK2/OVMF + QEMU – HPE is the major contributor of UEFI HTTP(s) Boot in EDK2 – HPE is driving the support in Linux bootloaders 12