[ipxe-devel] iPXE EFI handover protocol - experienced developer wanted
Dear iPXE developers, I am asking on behalf of our managing director and head of software development at IServ GmbH, Brunswick, Germany. We're using iPXE as part of our software deployment and client management solution to perform the PXE network boot. With some of our customer's devices (usually notebooks) we encountered the error "Exec format error (http://ipxe.org/2e008081)" while booting Linux kernels together with an initramfs using iPXE. Last year in September I opened a thread on this mailing list asking for support to analyze the problem: https://lists.ipxe.org/pipermail/ipxe-devel/2019-September/006759.html. Following recommendations from other participants here, various potential causes of the problem were investigated and dismissed. In the past we have used the PXELINUX component of the SYSLINUX project instead of iPXE to perform the PXE boot which worked fine on the affected devices. According to the last result of the causal analysis I performed, it seems that PXELINUX uses a feature called "EFI Handover Protocol" (see https://lists.syslinux.org/archives/syslinux-commits/2013-July/002387.html) which probably circumvents broken EFI image loading function of the firmware and instead executes the EFI stub of the Linux kernel directly. We're therefore searching a developer experienced in iPXE who is able to implement support for the EFI Handover Protocol in iPXE in exchange for payment like it is already implemented in the PXELINUX project, as we assume that this way the problems with the faulty firmware can be circumvented. We already addressed a similar request to vendor-supp...@ipxe.org several months ago - unfortunately it came to nothing after a good start and no further response was received although it looked very promising. As we did not see further possibilities I am trying it on this way now. If you are interested and experienced, please contact us at i...@iserv.eu to discuss more precise details with our managing director. -- Best regards, Felix Jacobi IServ GmbH Bültenweg 73 38106 Braunschweig Phone: 0531-2243666-0 Fax:0531-2243666-9 E-mail: felix.jac...@iserv.eu Web:https://www.iserv.eu Tax ID: DE265149425 Executive directors:Benjamin Heindl, Martin Hüppe, Jörg Ludwig Principles on privacy: https://www.iserv.eu/privacy Verify my identity: https://github.com/FelixJacobi/gpg-keys OpenPGP_0xDC56298737E1DA91.asc Description: application/pgp-keys OpenPGP_signature Description: OpenPGP digital signature ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
Re: [ipxe-devel] Error "Could not select: Exec format error (2e008081)" while loading EFI images via HTTP/TFTP
Hi Geert, > > So back to Error "Could not select: Exec format error (2e008081)" while > loading EFI images via HTTP/TFTP > > My educated guess is with Christian Nilssons posting from yesterday > the file gets damaged during transport > > Please pursuit this interresting problem I compiled an iPXE binary with the DIGEST_CMD option included as described in http://ipxe.org/dev/drvtest/md5sum. The output of the md5sum command looks fine compared to the test on the boot server: felix.mein-iserv.de ~ # md5sum /srv/tftpboot/efi64/install 577a82ef6530d4a17c651617cfdd98a2 /srv/tftpboot/efi64/install https://community.iserv.eu/upload/pahquei9agohmeekahcesaimoiG9Eg9keathawaev5lei2ieQuaiwee3au9Avaqu/md5sum.jpg So I guess that the file is transferred undamaged as already implied by the byte size comparison. Regards, Felix -- Best regards, Felix Jacobi IServ GmbH Bültenweg 73 38106 Braunschweig Phone: 0531-2243666-0 Fax:0531-2243666-9 E-mail: felix.jac...@iserv.eu Web:https://www.iserv.eu Tax ID: DE265149425 Executive directors:Benjamin Heindl, Martin Hüppe, Jörg Ludwig Principles on privacy: https://www.iserv.eu/privacy Verify my identity: https://github.com/FelixJacobi/gpg-keys ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Error "Could not select: Exec format error (2e008081)" while loading EFI images via HTTP/TFTP
On 10.09.19 at 13:25, Felix Jacobi wrote: > Yeah, I will try to research on that point. As already mentioned before > there is no such option in the firmware. That either implies that there > is no support for secure boot or secure boot is always active. I am not > sure if the latter case is even possible, as the iPXE binary itself is > loaded without problems at the beginning. I installed a Windows manually on the broken notebook, Windows says via the system information program that secure boot isn't active. Regards, Felix -- Best regards, Felix Jacobi IServ GmbH Bültenweg 73 38106 Braunschweig Phone: 0531-2243666-0 Fax:0531-2243666-9 E-mail: felix.jac...@iserv.eu Web:https://www.iserv.eu Tax ID: DE265149425 Executive directors:Benjamin Heindl, Martin Hüppe, Jörg Ludwig Principles on privacy: https://www.iserv.eu/privacy Verify my identity: https://github.com/FelixJacobi/gpg-keys signature.asc Description: OpenPGP digital signature ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Error "Could not select: Exec format error (2e008081)" while loading EFI images via HTTP/TFTP
Hi Christian, > My guess is that your server returns something other than what you > expect it to - maybe because it is ipxe, and not a browser, and your > server detects this. or something similar which "corrupts" the data. I checked that the URL is correct, it definitely serves a Linux kernel image: felix.mein-iserv.de ~ # wget -q https://felix.mein-iserv.de/tftpboot/efi64/install felix.mein-iserv.de ~ # file install install: Linux kernel x86 boot executable bzImage, version 5.0.0-27-generic (buildd@lgw01-amd64-016) #28-Ubuntu SMP Tue Aug 20 19:53:07 UTC 2019, RO-rootFS, swap_dev 0x8, Normal VGA > use imgstat before boot > verify that it says that it is an EFI image. > Also verify that the filesize is correct. > And that you have the correct url (that install is the actual image) > Also used imgfetch and imgstat to verify that the image has the correct size in bytes: Broken notebook: https://community.iserv.eu/upload/faepiegho7oosh9ut8zieshe2PhaavieVohF0cooxi8ahgho8aic6Aicee4eikee/broken.jpg Other working device: https://community.iserv.eu/upload/faepiegho7oosh9ut8zieshe2PhaavieVohF0cooxi8ahgho8aic6Aicee4eikee/working.jpg Image on boot server: felix.mein-iserv.de ~ # ls -la /srv/tftpboot/efi64/install lrwxrwxrwx 1 root root 35 Sep 3 13:20 /srv/tftpboot/efi64/install -> ../opsi-linux-bootimage/x64/vmlinuz felix.mein-iserv.de ~ # ls -la /srv/tftpboot/opsi-linux-bootimage/x64/vmlinuz lrwxrwxrwx 1 root root 24 Sep 3 13:20 /srv/tftpboot/opsi-linux-bootimage/x64/vmlinuz -> vmlinuz-5.0.0-27-generic felix.mein-iserv.de ~ # ls -la /srv/tftpboot/opsi-linux-bootimage/x64/vmlinuz-5.0.0-27-generic -rw-r--r-- 1 root root 8,4M Aug 20 21:25 /srv/tftpboot/opsi-linux-bootimage/x64/vmlinuz-5.0.0-27-generic felix.mein-iserv.de ~ # du --bytes /srv/tftpboot/opsi-linux-bootimage/x64/vmlinuz-5.0.0-27-generic 8711928 /srv/tftpboot/opsi-linux-bootimage/x64/vmlinuz-5.0.0-27-generic > in your last image you can see that your imagefetch is not able to > detect the fileformat. The interesting point is that the broken notebook seems to does not detect the image as EFI binary. The working reference device seems to doesn't have this problem. > And yes, disable secure boot, unless you have both ipxe, and the > kernel signed by a certificate that has been added inside firmware > config. Yeah, I will try to research on that point. As already mentioned before there is no such option in the firmware. That either implies that there is no support for secure boot or secure boot is always active. I am not sure if the latter case is even possible, as the iPXE binary itself is loaded without problems at the beginning. > You can follow the link to see each place in the sourcecode where this > error can come from. (also, always include the link that are shown > together with the error message to get help easier) I will include the link to the error code here afterwards to ease comprehending this thread for other ones: http://ipxe.org/err/2e0080 Thank you for your time. Regards, Felix -- Best regards, Felix Jacobi IServ GmbH Bültenweg 73 38106 Braunschweig Phone: 0531-2243666-0 Fax:0531-2243666-9 E-mail: felix.jac...@iserv.eu Web:https://www.iserv.eu Tax ID: DE265149425 Executive directors:Benjamin Heindl, Martin Hüppe, Jörg Ludwig Principles on privacy: https://www.iserv.eu/privacy Verify my identity: https://github.com/FelixJacobi/gpg-keys signature.asc Description: OpenPGP digital signature ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Error "Could not select: Exec format error (2e008081)" while loading EFI images via HTTP/TFTP
Hi Arne, Thank you for your reply. On 09.09.19 at 15:17, should be q931 wrote: > As per your screenshot, the error code given is in a URL > > The error provides a URL http://ipxe.org/err/2e008081 Yeah, I am aware of the error page and checked the list from the additional notes. That's the reason I wrote that the Linux kernel is compiled with the CONFIG_EFI_STUB option. I am also definitely sure that the kernel image isn't corrupted in some way as it works seamlessly with other hardware in UEFI mode. The same applies for the iPXE binary itself which works on other hardware, too. > If a BIOS iPXE is able to be chainloaded, then it would indicate that it > is BIOS mode rather than UEFI mode, and this may be why it will not > chain load a UEFI iPXE The notebook has definitely no BIOS legacy mode, it just boots in UEFI mode. The iPXE EFI binary itself is loaded correctly by the firmware via HTTP with the URL supplied by DHCP. Chainloading further iPXE scripts works correctly, but iPXE is unable to load subsequent EFI binaries. Regards, Felix -- Best regards, Felix Jacobi IServ GmbH Bültenweg 73 38106 Braunschweig Phone: 0531-2243666-0 Fax:0531-2243666-9 E-mail: felix.jac...@iserv.eu Web:https://www.iserv.eu Tax ID: DE265149425 Executive directors:Benjamin Heindl, Martin Hüppe, Jörg Ludwig Principles on privacy: https://www.iserv.eu/privacy Verify my identity: https://github.com/FelixJacobi/gpg-keys signature.asc Description: OpenPGP digital signature ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
Re: [ipxe-devel] Accessing information from dmitable
Am 05.03.19 um 13:21 schrieb Christian Nilsson: > First check config, it has as system (smbios) subsection with some > information, some of what you want is there. > but these names are just alias for the actual table. So after that > continue with reading http://forum.ipxe.org/showthread.php?tid=7749 Thank you, the advices on the smbios/* values were very helpful! -- Mit freundlichen Grüßen, Felix Jacobi IServ GmbH Bültenweg 73 38106 Braunschweig Telefon:0531-2243666-0 Fax:0531-2243666-9 Mobil: 01515-2525304 E-Mail: felix.jac...@iserv.eu Internet: www.iserv.eu USt.-IdNr.: DE265149425 Geschäftsführer:Benjamin Heindl, Martin Hüppe, Jörg Ludwig Verify my identity: https://github.com/FelixJacobi/gpg-keys signature.asc Description: OpenPGP digital signature ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
[ipxe-devel] Accessing information from dmitable
Hi there, I am currently trying to access some information in the system's dmitable. In the past I used the following Lua code in SYLINUX for that case: local dmi = require "dmi" if(dmi.supported()) dmitable = dmi.gettable() if (dmitable["system"]) then sm = dmitable["system"]["manufacturer"] sv = dmitable["system"]["version"] sp = dmitable["system"]["product_name"] end if (dmitable["base_board"]) then bm = dmitable["base_board"]["manufacturer"] bp = dmitable["base_board"]["product_name"] end end I already figured out that the value of dmitable["system"]["manufacturer"] can be obtained in iPXE using "show manufacturer". Same for dmitable["system"]["product_name"] using "show product". I am currently searching for ways to access the "version" value from "system" and the "base_board" values using iPXE. Is there any way to do that? -- Mit freundlichen Grüßen, Felix Jacobi IServ GmbH Bültenweg 73 38106 Braunschweig Telefon:0531-2243666-0 Fax:0531-2243666-9 Mobil: 01515-2525304 E-Mail: felix.jac...@iserv.eu Internet: www.iserv.eu USt.-IdNr.: DE265149425 Geschäftsführer:Benjamin Heindl, Martin Hüppe, Jörg Ludwig Verify my identity: https://github.com/FelixJacobi/gpg-keys signature.asc Description: OpenPGP digital signature ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
