loader - guard against empty rootdev
ClosedPublic
Actions

Authored by sjg on May 13 2025, 5:53 PM.

Details

Reviewers

imp
stevek
jhibbits
kevans
manu

Commits

rG41cf74fe8ce5: loader - guard against empty rootdev

Summary

At least one instance of u-boot pretending to be EFI
is passing empty rootdev to loader which does not end well.

A simple precaution is harmless.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 64146
Build 61030: arc lint + arc unit

Event Timeline

sjg created this revision.May 13 2025, 5:53 PM

Herald added a reviewer: manu. · View Herald TranscriptMay 13 2025, 5:53 PM

Herald added a subscriber: dab. · View Herald Transcript

Harbormaster completed remote builds in B64145: Diff 155408.May 13 2025, 5:53 PM

sjg requested review of this revision.May 13 2025, 5:53 PM

I don't object, but I'd like more details about how this comes to pass

In D50334#1148471, @imp wrote:

I don't object, but I'd like more details about how this comes to pass

The args passed to loader.efi on this box include rootdev= ipaddr=10.206.36.221 netmask=255.255.240.0 etc,
That empty rootdev is a bug, that causes the loader to crash during:
OK install tftp://10.221.65.31/junos-install-media-net-.....tgz when it goes to mount the rootfs.

main also needs to double check for empty rootdev.

Herald added a subscriber: bcran. · View Herald TranscriptMay 13 2025, 6:29 PM

Harbormaster completed remote builds in B64146: Diff 155409.May 13 2025, 6:29 PM

There are a number of bootinfo's that also getenv("rootdev")

A loader.efi with this change does not crash - but there is a long delay before the libsecureboot self tests output:

FreeBSD/arm64 EFI loader, Revision 2.1
(2025-05-13 22:56:38 sjg@kaos)

Command line arguments: rootdev= DUMMY=1 ipaddr=10.92.244.138 netmask=255.255.254.0 gatewayip=10.92.245.254 serverip=10.221.65.31 maker=Juniper hw.board.name=ex4100-24p hw.board.macbase=4c:73:4f:09:56:80 hw.board.maccount=0080 hw.board.serialno=FC0822AN0027 hw.boot.intrver=1.2 uboot.ethaddr=4c:73:4f:09:56:80 hw.board.reset=16 boot_function=0 boot_phase=7 spi_emulation=1 console=efi vfs.root.mountfrom=cd9660:/dev/md0.uzip
Image base: 0x4fea53000
EFI version: 2.80
EFI Firmware: Das U-Boot (rev 8225.1792)
Console: efi (0x20001000)
Load Path: /loader.efi
Load Device: /VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b)/MAC(4c734f095680,1)
SecureBoot: 0, SetupMode: 1

Setting currdev to net0:
net0: cannot set rx. filters (status=3)

Apparently we stall here for 15 minutes (note loader.efi was loaded from the tftp server so interface is working - for uboot)

Testing hash: sha1 Passed
Testing hash: sha256 Passed
Testing hash: sha384 Passed
Testing verify certificate: EngineeringEcCA Passed
Verified /boot/../manifest signed by PackageDevelopmentECP256_2025
Unverified /boot/boot.4th: no entry

But they can then go on to install via tftp

If it were more than two places, I'd have recommended a function to get this.

This revision is now accepted and ready to land.May 20 2025, 3:13 AM

Closed by commit rG41cf74fe8ce5: loader - guard against empty rootdev (authored by sjg). · Explain WhyMay 20 2025, 4:12 PM

This revision was automatically updated to reflect the committed changes.

sjg added a commit: rG41cf74fe8ce5: loader - guard against empty rootdev.