Michael Brown [Mon, 23 Apr 2012 22:26:29 +0000 (23:26 +0100)]
[http] Avoid using stack-allocated memory in http_step()
http_step() allocates a potentially large block of storage (since the
URI can be arbitrarily long), and can be invoked as part of an already
deep call stack via xfer_window_changed().
Michael Brown [Mon, 23 Apr 2012 19:17:24 +0000 (20:17 +0100)]
[xfer] Avoid using stack-allocated memory in xfer_printf()
xfer_printf() occasionally has to deal with strings that are
potentially long, such as HTTP URIs with multiple query parameters.
Allocating these on the stack can lead to stack overruns and memory
corruption.
Fix by using vasprintf() instead of a stack allocation.
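The two patterns the commit contrasts, side by side, as an added example that is not iPXE's code: printf_stack() is the input-sized stack buffer the commit removes, printf_heap() is the vasprintf() replacement. The function names, the request-line format and the constructed query-string input are invented for this example; vasprintf() itself is the GNU/BSD extension the commit message refers to.

```c
/* Added example, not iPXE code: stack-sized vs heap-allocated formatting
 * of an input-controlled string (the xfer_printf() change). */
#define _GNU_SOURCE
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Explicit prototype so the example builds even where _GNU_SOURCE was
 * not seen before the first libc include. */
extern int vasprintf(char **strp, const char *fmt, va_list ap);

/* "Before" pattern: size a stack buffer from the formatted length.  The
 * length is controlled by the input (a URI with many query parameters),
 * so the stack frame grows by the same amount; on a small firmware stack
 * that walks straight into whatever lies below it. */
static int printf_stack(size_t *out_len, const char *fmt, ...) {
    va_list args, copy;
    va_start(args, fmt);
    va_copy(copy, args);
    int len = vsnprintf(NULL, 0, fmt, copy);
    va_end(copy);
    if (len < 0) { va_end(args); return -1; }
    char buf[len + 1];                       /* VLA: input-sized stack allocation */
    vsnprintf(buf, (size_t)len + 1, fmt, args);
    va_end(args);
    *out_len = strlen(buf);
    return 0;
}

/* "After" pattern: vasprintf() allocates on the heap.  The stack cost is
 * a pointer and a va_list whatever the input size, and exhaustion shows
 * up as an explicit -1 instead of silent memory corruption. */
static int printf_heap(size_t *out_len, const char *fmt, ...) {
    char *buf = NULL;
    va_list args;
    va_start(args, fmt);
    int len = vasprintf(&buf, fmt, args);
    va_end(args);
    if (len < 0)
        return -1;
    *out_len = (size_t)len;          /* real code would hand buf to the transport here */
    free(buf);
    return 0;
}

/* Constructed input: a URI with n query parameters "p0=v0&p1=v1&...".
 * Returns a heap-allocated string (NULL on allocation failure). */
static char *build_uri(unsigned n_params) {
    size_t cap = 32 + (size_t)n_params * 24;
    char *uri = malloc(cap);
    if (!uri)
        return NULL;
    size_t used = (size_t)snprintf(uri, cap, "/boot.ipxe?");
    for (unsigned i = 0; i < n_params; i++)
        used += (size_t)snprintf(uri + used, cap - used, "%sp%u=v%u",
                                 i ? "&" : "", i, i);
    return uri;
}

/* Length of the request line for an n-parameter URI via the heap path,
 * or 0 if allocation failed. */
static size_t request_line_length(unsigned n_params) {
    char *uri = build_uri(n_params);
    if (!uri)
        return 0;
    size_t len = 0;
    int rc = printf_heap(&len, "GET %s HTTP/1.1\r\n", uri);
    free(uri);
    return rc == 0 ? len : 0;
}

/* For small inputs both paths yield the same result; only where the
 * bytes live differs.  Returns 1 when the two lengths agree. */
static int paths_agree(const char *uri) {
    size_t a = 0, b = 0;
    if (printf_stack(&a, "GET %s HTTP/1.1\r\n", uri) != 0) return 0;
    if (printf_heap(&b, "GET %s HTTP/1.1\r\n", uri) != 0) return 0;
    return a == b;
}

int main(void) {
    /* 10000 parameters: ~115 KiB that printf_stack() would have put on the stack. */
    printf("request line: %zu bytes\n", request_line_length(10000));
    printf("small input agrees: %d\n", paths_agree("/x"));
    return 0;
}
```

The point of the heap path is not that it is faster or simpler but that the size of the frame no longer depends on data a network peer chose; in an environment without guard pages, the VLA version fails by corrupting memory rather than by faulting.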
Michael Brown [Mon, 23 Apr 2012 09:47:11 +0000 (10:47 +0100)]
[realtek] Update link state when device is opened
The link state is currently set at probe time, and updated only when
the device is polled. This results in the user seeing a misleading
stale "Link: down" message, if autonegotiation did not complete within
the short timespan of the probe routine.
Fix by updating the link state when the device is opened, so that the
message that ends up being displayed to the user reflects the real
link state at device open time.
Michael Brown [Sat, 21 Apr 2012 15:25:55 +0000 (16:25 +0100)]
[netdevice] Allow network device to update link state before checking
If the network interface has only just been opened (e.g. by the "dhcp"
command) then we should allow at least one opportunity for the card to
update the link state before testing it, to avoid false positives.
Michael Brown [Thu, 19 Apr 2012 13:52:07 +0000 (14:52 +0100)]
[crypto] Allow trusted root certificate to be changed without a rebuild
Changing the trusted root certificate currently requires a rebuild of
the iPXE binary, which may be inconvenient or impractical.
Allow the list of trusted root certificate fingerprints to be
overridden using the "trust" setting, but only at the point of iPXE
initialisation. This prevents untrusted sources of settings
(e.g. DHCP) from subverting the chain of trust, while allowing
trustworthy sources to change the trusted root certificate without
requiring a rebuild.
The basic idea is that if you are able to manipulate a trustworthy
source of settings (e.g. VMware GuestInfo or non-volatile stored
options), then you would be able to replace the iPXE binary anyway,
and so no security is lost by allowing such sources to override the
list of trusted root certificates.
Michael Brown [Sun, 15 Apr 2012 00:35:39 +0000 (01:35 +0100)]
[multiboot] Place multiboot modules low in memory
Solaris assumes that there is enough space above the Multiboot modules
to use as a decompression and scratch area. This assumption is
invalid when using iPXE, which places the Multiboot modules near the
top of (32-bit) memory.
Fix by copying the modules to an area of memory immediately following
the loaded kernel.
Debugged-by: Michael Brown <mcb30@ipxe.org>
Debugged-by: Scott McWhirter <scottm@joyent.com>
Tested-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown [Tue, 17 Apr 2012 20:35:40 +0000 (21:35 +0100)]
[realtek] Replace driver for Realtek Gigabit NICs
Tested-by: Thomas Miletich <thomas.miletich@gmail.com>
Debugged-by: Thomas Miletich <thomas.miletich@gmail.com>
Tested-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown [Wed, 18 Apr 2012 15:30:11 +0000 (16:30 +0100)]
[mii] Add generic MII reset function
iPXE provides no support for manually configuring the link speed.
Provide a generic routine which should be able to reset any MII/GMII
PHY and enable autonegotiation.
Prototyped-by: Thomas Miletich <thomas.miletich@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Robin Smidsrød [Wed, 11 Apr 2012 20:26:04 +0000 (22:26 +0200)]
[util] Add utility to generate list of supported network cards
niclist.pl recursively scans specified source folders and builds a
list of supported NICs by looking for ISA_ROM and PCI_ROM lines and
outputs the list in text, CSV, JSON, HTML or DokuWiki format. Sorting
and column selection is possible.
The pci-utils pci.ids file is fetched from SourceForge once a day to
also output the "official" vendor/device names associated with the PCI
device.
Signed-off-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown [Sat, 14 Apr 2012 23:15:41 +0000 (00:15 +0100)]
[multiboot] Include full image URI in command line
Solaris kernels seem to rely on having the full kernel path present in
the multiboot command line; if only the kernel name is present then
the boot fails with the error message
krtld: failed to open 'unix'
Debugged-by: Michael Brown <mcb30@ipxe.org>
Debugged-by: Scott McWhirter <scottm@joyent.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown [Tue, 10 Apr 2012 11:55:54 +0000 (12:55 +0100)]
[int13] Fix compilation on some versions of gcc
Using __from_text16() and __from_data16() in inline asm constraints
sometimes defeats gcc's ability to simplify expressions down to
compile-time constants.
Reported-by: Jason Kohles <jkohles@palantir.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown [Thu, 29 Mar 2012 00:24:31 +0000 (01:24 +0100)]
[comboot] Remove COMBOOT image support by default
iPXE's support for COMBOOT images is now quite outdated; it has not
kept up to date with changes in the COMBOOT API. The primary use for
COMBOOT seems to be for menuing support. Now that we have native iPXE
script-based menus, COMBOOT support can be gracefully retired (with
immense thanks to Daniel Verkamp for having successfully implemented
such an ambitious feature many years ago).
Michael Brown [Tue, 27 Mar 2012 19:55:19 +0000 (20:55 +0100)]
[console] Ignore unexpected keysyms when generating keyboard maps
I am unable to find any definitive documentation on how Linux keyboard
symbols work. In the absence of any documentation, I'm going to
assume that unexpected keysyms are harmless and should be ignored.
Michael Brown [Mon, 26 Mar 2012 23:21:24 +0000 (00:21 +0100)]
[umalloc] Unhide umalloc()ed memory region when there are no allocations
At present, we always hide an extra sizeof(struct external_memory), to
account for the header on the lowest allocated block. This header
ceases to exist when there are no allocated blocks remaining.
Michael Brown [Mon, 26 Mar 2012 20:03:59 +0000 (21:03 +0100)]
[console] Do not share ANSI escape context between lineconsole users
An ANSI escape sequence context cannot be shared between multiple
users. Make the ANSI escape sequence context part of the line console
definition and provide individual contexts for each user.
Michael Brown [Mon, 26 Mar 2012 18:50:50 +0000 (19:50 +0100)]
[console] Add "log message" console usage and an internal syslog() call
Provide an internal syslog() function (unrelated to the syslog
console) which can be used to create log messages with specified
priorities.
The build-time constant LOG_LEVEL can be used to select the minimum
required priority for log messages. Any messages that do not have a
sufficient priority will be ignored (and will be optimised away at
compile-time).
Michael Brown [Mon, 26 Mar 2012 18:02:30 +0000 (19:02 +0100)]
[console] Exclude text-based UI output from logfile-based consoles
The output from text-based user interfaces such as the "config"
command is not generally meaningful for logfile-based consoles such as
syslog and vmconsole.
Michael Brown [Mon, 26 Mar 2012 16:25:08 +0000 (17:25 +0100)]
[console] Allow usage to be defined independently for each console
Add the concept of a "console usage", such as "standard output" or
"debug messages". Allow usages to be associated with each console
independently. For example, to send debugging output via the serial
port, while preventing it from appearing on the local console:
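The routing described in the three console commits above (per-console usage masks, text-UI output kept off logfile consoles, and a priority-filtered log call gated by a build-time LOG_LEVEL), as an added example that is not iPXE's code. The CONSOLE_USAGE_* names and the three consoles are modelled on the commit messages but defined here for the example; log_msg() stands in for the internal syslog() call, and the consoles capture their output into buffers so the effect of each mask can be checked.

```c
/* Added example, not iPXE code: console "usage" routing and a
 * build-time-filtered log call. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CONSOLE_USAGE_STDOUT 0x01   /* ordinary command output */
#define CONSOLE_USAGE_DEBUG  0x02   /* debugging output */
#define CONSOLE_USAGE_TUI    0x04   /* full-screen text UI, e.g. "config" */
#define CONSOLE_USAGE_LOG    0x08   /* log messages */
#define CONSOLE_USAGE_ALL    0x0f

#define CONSOLE_BUF 256

struct console {
    const char *name;
    unsigned    usage;               /* usages this console accepts */
    char        buf[CONSOLE_BUF];    /* captured output, for the example only */
    size_t      len;
};

/* The configuration the commit message describes: debug output reaches
 * the serial port but not the local screen; the syslog console, being a
 * logfile-style console, drops text-UI output. */
static struct console consoles[] = {
    { "local",  CONSOLE_USAGE_ALL & ~CONSOLE_USAGE_DEBUG, {0}, 0 },
    { "serial", CONSOLE_USAGE_ALL,                        {0}, 0 },
    { "syslog", CONSOLE_USAGE_ALL & ~CONSOLE_USAGE_TUI,   {0}, 0 },
};
#define NUM_CONSOLES (sizeof consoles / sizeof consoles[0])

/* Deliver one character to every console whose mask covers this usage. */
void console_putchar(unsigned usage, char c) {
    for (size_t i = 0; i < NUM_CONSOLES; i++) {
        struct console *con = &consoles[i];
        if (!(con->usage & usage))
            continue;
        if (con->len + 1 < CONSOLE_BUF)
            con->buf[con->len++] = c;
    }
}

void console_puts(unsigned usage, const char *s) {
    for (; *s; s++)
        console_putchar(usage, *s);
}

/* Syslog priorities (RFC 5424 numbering) and the build-time threshold.
 * Both sides of the comparison are compile-time constants, so calls
 * below LOG_LEVEL are removed by the compiler, not checked at run time. */
#define LOG_ERR   3
#define LOG_INFO  6
#define LOG_DEBUG 7
#ifndef LOG_LEVEL
#define LOG_LEVEL LOG_INFO
#endif
#define log_msg(prio, text) do {                        \
        if ((prio) <= LOG_LEVEL)                        \
            console_puts(CONSOLE_USAGE_LOG, (text));    \
    } while (0)

/* Bytes captured so far by the named console (0 for an unknown name). */
size_t console_captured(const char *name) {
    for (size_t i = 0; i < NUM_CONSOLES; i++)
        if (strcmp(consoles[i].name, name) == 0)
            return consoles[i].len;
    return 0;
}

int main(void) {
    console_puts(CONSOLE_USAGE_DEBUG, "DBG: link up\n");   /* serial and syslog only */
    console_puts(CONSOLE_USAGE_TUI, "[menu]");              /* local and serial only */
    log_msg(LOG_DEBUG, "noise");                            /* below LOG_LEVEL: compiled out */
    log_msg(LOG_ERR, "boot failed");                        /* all three consoles */
    for (size_t i = 0; i < NUM_CONSOLES; i++)
        printf("%-6s %zu bytes\n", consoles[i].name, consoles[i].len);
    return 0;
}
```

Building with -DLOG_LEVEL=LOG_DEBUG changes which log_msg() calls survive compilation without touching the routing table; the two mechanisms are independent, which is the point of keeping usage selection per console rather than per message.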
Michael Brown [Sat, 24 Mar 2012 01:16:37 +0000 (01:16 +0000)]
[image] Simplify image management commands and internal API
Remove the name, cmdline, and action parameters from imgdownload() and
imgdownload_string(). These functions now simply download and return
an image.
Add the function imgacquire(), which will interpret a "name or URI
string" parameter and return either an existing image or a newly
downloaded image.
Use imgacquire() to merge similar image-management commands that
currently differ only by whether they take the name of an existing
image or the URI of a new image to download. For example, "chain" and
"imgexec" can now be merged.
Extend imgstat and imgfree commands to take an optional list of
images.
Remove the arbitrary restriction on the length of image names.
Michael Brown [Thu, 22 Mar 2012 13:39:45 +0000 (13:39 +0000)]
[image] Add concept of trusted images
Trusted images may always be executed. Untrusted images may be
executed only if the current image trust requirement allows untrusted
images.
Images can be marked as trusted using image_trust(), and marked as
untrusted using image_untrust().
The current image trust requirement can be changed using
image_set_trust(). It is possible to make the change permanent, in
which case any future attempts to change the image trust requirement
will fail.
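The two lock-down rules described in the "trust" setting commit and in this trusted-images commit, as one added example that is not iPXE's code: root-certificate fingerprints may be overridden only until initialisation is complete, and the image trust requirement, once made permanent, can no longer be changed. All names here (trust_override, trust_init_complete, image_set_trust, image_may_exec, run_scenario) are invented for the example, the fingerprints are constructed byte patterns rather than real certificate hashes, and return codes follow the negative-errno convention.

```c
/* Added example, not iPXE code: init-time-only trust override and a
 * permanently lockable image trust requirement. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FP_LEN    32     /* SHA-256 fingerprint of a root certificate */
#define MAX_ROOTS  4

/* Trusted-root fingerprint store, plus the latch that closes it. */
static uint8_t  roots[MAX_ROOTS][FP_LEN];
static unsigned n_roots;
static int      init_done;

/* Replace the trusted roots with n consecutive FP_LEN-byte fingerprints.
 * Accepted only while initialisation is in progress, i.e. before any
 * network-supplied settings (DHCP) can exist.  After trust_init_complete()
 * every override is refused whatever its source, so a later settings
 * source cannot splice in its own CA. */
int trust_override(const uint8_t *fps, unsigned n) {
    if (init_done)
        return -EACCES;
    if (n > MAX_ROOTS)
        return -ENOSPC;
    memcpy(roots, fps, (size_t)n * FP_LEN);
    n_roots = n;
    return 0;
}

void trust_init_complete(void) { init_done = 1; }

int trust_is_root(const uint8_t *fp) {
    for (unsigned i = 0; i < n_roots; i++)
        if (memcmp(roots[i], fp, FP_LEN) == 0)
            return 1;
    return 0;
}

/* Image trust requirement.  "permanent" makes the setting final: any
 * later attempt to change it (in either direction) fails, which is what
 * lets an embedded script lock the policy before downloaded scripts run. */
static int require_trusted;
static int require_trusted_permanent;

int image_set_trust(int require, int permanent) {
    if (require_trusted_permanent)
        return -EACCES;
    require_trusted = require;
    require_trusted_permanent = permanent;
    return 0;
}

struct image { const char *name; int trusted; };

/* Trusted images always run; untrusted ones only while the policy allows. */
int image_may_exec(const struct image *img) {
    return img->trusted || !require_trusted;
}

/* Walks one boot sequence and returns how many policy checks did NOT
 * behave as the commit messages describe (0 means all behaved). */
int run_scenario(void) {
    uint8_t site_ca[FP_LEN], rogue_ca[FP_LEN];
    memset(site_ca, 0xA1, sizeof site_ca);      /* constructed, not a real hash */
    memset(rogue_ca, 0xB2, sizeof rogue_ca);
    struct image signed_img = { "boot.ipxe.signed",   1 };
    struct image dhcp_img   = { "dhcp-filename.ipxe", 0 };
    int failed = 0;

    /* 1. A trustworthy source (e.g. NVRAM options) overrides the root at init. */
    failed += (trust_override(site_ca, 1) != 0);
    failed += (trust_is_root(site_ca) != 1);
    trust_init_complete();

    /* 2. A fingerprint arriving later (e.g. via DHCP) is refused. */
    failed += (trust_override(rogue_ca, 1) != -EACCES);
    failed += (trust_is_root(rogue_ca) != 0);

    /* 3. Untrusted images run until the requirement is set permanently ... */
    failed += (image_may_exec(&dhcp_img) != 1);
    failed += (image_set_trust(1, 1) != 0);
    failed += (image_may_exec(&dhcp_img) != 0);
    failed += (image_may_exec(&signed_img) != 1);
    /* 4. ... after which no later script can relax it. */
    failed += (image_set_trust(0, 0) != -EACCES);
    return failed;
}

int main(void) {
    printf("policy checks failed: %d\n", run_scenario());
    return 0;
}
```

Both latches are one-way on purpose: the question "who may change this?" is answered by when the change is attempted rather than by trying to authenticate each settings source, which is exactly the reasoning the trust-setting commit gives for allowing overrides only at initialisation.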
Michael Brown [Thu, 22 Mar 2012 12:22:38 +0000 (12:22 +0000)]
[bios] Set character attributes only when necessary
There is no INT 10 call for "display character with attribute,
advancing the cursor and scrolling the screen as necessary". We
therefore make two INT 10 calls: INT 10,09 to write the character with
its attribute at the current cursor position, and then INT 10,0e to
(re)write the character (leaving the attribute unchanged), advance the
cursor position and scroll as necessary.
This confuses the serial-over-LAN console redirection feature provided
by some BIOSes.
Fix by performing the INT10,09 only when necessary to change the
existing attribute.
Reported-by: Itay Gazit <itaygazit@gmail.com>
Tested-by: Itay Gazit <itaygazit@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Michael Brown [Tue, 20 Mar 2012 23:54:16 +0000 (23:54 +0000)]
[crypto] Add support for Cryptographic Message Syntax (PKCS #7)
The Cryptographic Message Syntax (PKCS#7) provides a format for
encapsulating digital signatures of arbitrary binary blobs. A
signature can be generated using
Michael Brown [Wed, 21 Mar 2012 13:57:32 +0000 (13:57 +0000)]
[crypto] Generalise X.509 OID-identified algorithm to asn1.c
The concept of an OID-identified algorithm as defined in X.509 is used
in some other standards (e.g. PKCS#7). Generalise this functionality
and provide it as part of the ASN.1 core.
Michael Brown [Wed, 21 Mar 2012 16:09:58 +0000 (16:09 +0000)]
[crypto] Treat ASN.1 OIDs as opaque
OIDs are theoretically part of a global hierarchy. However, the
hierarchy is sufficiently disorganised as to be essentially
meaningless for all purposes other than guaranteeing uniqueness.
Ignore the hierarchical nature of OIDs and treat them as opaque.
Michael Brown [Tue, 20 Mar 2012 13:32:20 +0000 (13:32 +0000)]
[build] Allow a client certificate to be specified at build time
Allow a client certificate and corresponding private key to be
specified at build time using the syntax
make CERT=/path/to/certificate KEY=/path/to/key
The build process uses openssl to convert the files into DER format,
and includes them within the client certificate store in
clientcert.c. The build process will prompt for the private key
password if applicable.
Note that the private key is stored unencrypted, and so the resulting
iPXE binary (and the temporary files created during the build process)
should be treated as being equivalent to an unencrypted private key
file.
Michael Brown [Tue, 20 Mar 2012 17:05:37 +0000 (17:05 +0000)]
[tls] Treat handshake digest algorithm as a session parameter
Simplify code by recording the active handshake digest algorithm as a
session parameter. (Note that we must still accumulate digests for
all supported algorithms, since we don't know which digest will
eventually be used until we receive the Server Hello.)
Michael Brown [Tue, 20 Mar 2012 04:07:53 +0000 (04:07 +0000)]
[tls] Use hybrid MD5+SHA1 algorithm
TLSv1.1 and earlier use a hybrid of MD5 and SHA-1 to generate digests
over the handshake messages. Formalise this as a separate digest
algorithm "md5+sha1".
Michael Brown [Sun, 18 Mar 2012 20:17:41 +0000 (20:17 +0000)]
[tls] Validate server certificate
Validate the server certificate against the trusted root certificate
store. The server must provide a complete certificate chain, up to
and including the trusted root certificate that is embedded into iPXE.
Note that the date and time are not yet validated.
Michael Brown [Sun, 18 Mar 2012 22:55:29 +0000 (22:55 +0000)]
[build] Allow trusted root certificates to be specified at build time
Allow trusted root certificates to be specified at build time using
the syntax
make TRUST=/path/to/certificate1,/path/to/certificate2,...
The build process uses openssl to calculate the SHA-256 fingerprints
of the specified certificates, and adds them to the root certificate
store in rootcert.c. The certificates can be in any format understood
by openssl.
The certificates may be server certificates or (more usefully) CA
certificates.
If no trusted certificates are specified, then the default "iPXE root
CA" certificate will be used.