[pxe] Warn about PXE NBPs that may be EFI executables

A relatively common user mistake is to attempt to boot an EFI
executable (such as grub.efi) using a BIOS version of iPXE.

Unfortunately there are no signature checks that we can use to
unambiguously identify a PXE NBP, since a PXE NBP is just raw machine
code.  We therefore have to accept anything sufficiently small to fit
into base memory as a valid PXE NBP.

We can detect that a file might be an EFI executable by checking for
the initial "MZ" signature bytes.  This does not necessarily preclude
the file from also being a PXE NBP (since it would be possible to
create a hybrid binary which acts as both an EFI executable and a PXE
NBP, similar to the way in which wimboot and the Linux kernel are
hybrid binaries which act as both an EFI executable and a bzImage).

If the initial "MZ" signature bytes are present, then attempt to warn
the user by setting the image type to "PXE-NBP (may be EFI?)".  We
can't (sensibly) prevent the user from accidentally running an EFI
executable as a PXE NBP, but we can at least make it easier for the
user to identify their mistake.

Inspired-by: Robin Smidsrød <robin@smidsrod.no>
Inspired-by: Wissam Shoukair <wissams@mellanox.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/arch/i386/image/pxe_image.c b/src/arch/i386/image/pxe_image.c
index 499e652920ebd8448816e17d367034e6200ddda5..5b0f6eb89683734b2eecd010ac269abe2741318d 100644 (file)
--- a/src/arch/i386/image/pxe_image.c
+++ b/src/arch/i386/image/pxe_image.c
@@ -38,6 +38,8 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/netdevice.h>
 #include <ipxe/features.h>
 #include <ipxe/console.h>
+#include <ipxe/efi/efi.h>
+#include <ipxe/efi/IndustryStandard/PeImage.h>
 
 FEATURE ( FEATURE_IMAGE, "PXE", DHCP_EB_FEATURE_PXE, 1 );
 
@@ -125,9 +127,45 @@ int pxe_probe ( struct image *image ) {
        return 0;
 }
 
+/**
+ * Probe PXE image (with rejection of potential EFI images)
+ *
+ * @v image            PXE file
+ * @ret rc             Return status code
+ */
+int pxe_probe_no_mz ( struct image *image ) {
+       uint16_t magic;
+       int rc;
+
+       /* Probe PXE image */
+       if ( ( rc = pxe_probe ( image ) ) != 0 )
+               return rc;
+
+       /* Reject image with an "MZ" signature which may indicate an
+        * EFI image incorrectly handed out to a BIOS system.
+        */
+       if ( image->len >= sizeof ( magic ) ) {
+               copy_from_user ( &magic, image->data, 0, sizeof ( magic ) );
+               if ( magic == cpu_to_le16 ( EFI_IMAGE_DOS_SIGNATURE ) ) {
+                       DBGC ( image, "IMAGE %p may be an EFI image\n",
+                              image );
+                       return -ENOTTY;
+               }
+       }
+
+       return 0;
+}
+
 /** PXE image type */
-struct image_type pxe_image_type __image_type ( PROBE_PXE ) = {
-       .name = "PXE",
-       .probe = pxe_probe,
-       .exec = pxe_exec,
+struct image_type pxe_image_type[] __image_type ( PROBE_PXE ) = {
+       {
+               .name = "PXE-NBP",
+               .probe = pxe_probe_no_mz,
+               .exec = pxe_exec,
+       },
+       {
+               .name = "PXE-NBP (may be EFI?)",
+               .probe = pxe_probe,
+               .exec = pxe_exec,
+       },
 };