On 01/24/19 13:22, Rafael Machado wrote: > Hi everyone. > > I have a question. > Considering I have a PXE server that my client downloads a shell.efi app. > Considering also that I need to execute a .nsh script, but I their is no > media at the system. (no usb or storage device attached) > > Is there any way to embed a startup.nsh at the shell.efi application? > As far as I know with PXE just one file is downloaded and executed. (I am > also checking how to use the EfiRamDisk protocol to create a temporary > place for the .nsh generated files.) > > PS.: I don't know to much about HttpBoot. Does HttpBoot has this limitation > of downloading a single file at startup?
With HttpBoot, you can solve this. The Wiki article (and the relevant section) are at: https://github.com/tianocore/tianocore.github.io/wiki/HTTP-Boot#ram-disk-boot-from-http Here's how: (1) First, create a FAT image such that the UEFI shell is in the default boot loader location, according to the architecture. (e.g. EFI/BOOT/BOOTAA64.EFI). Second, place "startup.nsh" in the FAT image such that the shell find it, according to the UEFI shell spec. For this, you can use "mkdosfs" (for formatting the image) and mmd and mcopy (from the mtools package) for copying stuff into the image. Alternatively, you can use "guestfish", or even just loop-mount the FAT image on Linux. (If you create the image in the first place, then it's trustworthy; no need to worry about filesystem driver attacks.) (2) Once you have the FAT image, let's call it "fat.img", use "genisoimage" to generate an ISO image that has "fat.img" as its ElTorito boot image. genisoimage -input-charset ASCII -efi-boot fat.img -no-emul-boot \ -o stuff.iso -- fat.img (3) Serve "stuff.iso" over HTTP. I really hope you are doing this on a trusted, local network! Secure Boot wouldn't be of much help here; the UEFI shell binary is not signed. (And, signing it would be dumb, given that the shell does not check signatures on shell scripts, so the scripts can cause the shell to do basically anything at all.) HTTPS would likely count as an improvement. HTH Laszlo _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
