Network Boot from Bell Labs

This presentation was given at Kernel/VM Online Part 1.
The existing network boot methods (PXE Boot, HTTP Boot) are inflexible because of network awareness. Plan 9 File Protocol (9P) provides a network transparent file system and is still widely used. In this presentation, I introduce 9pfsPkg, a 9P file system client for UEFI. It provides a network transparent file system with the EFI_SIMPLE_FILE_SYSTEM_PROTOCOL interface so that existing non-network-aware UEFI tools can use it without any modification. It can boot from a remote 9P server (9P Boot). To demonstrate the flexibility of 9pfsPkg, I also introduce Proxy Boot. It can mount and boot from cloud storage (Google Cloud Storage) via the server with less effort.

Akira Moroo

June 06, 2020

Transcript

  1. Network Boot from Bell Labs June 6, 2020 Kernel/VM Online

    Part 1 @retrage
  2. Network Boot

  3. What’s Network Boot? • Downloads OS image from remote server

    and boots OS • BIOS has network stack to make it possible • Existing network boots: • PXE Boot • HTTP Boot [Diagram: client (BIOS, network stack) and server (network stack)]
  4. PXE Boot • Widely used, industry standard • Legacy BIOS/UEFI

    • iPXE • Transferring using TFTP • Requires dedicated server Existing Network Boots
  5. HTTP Boot • Supported from UEFI 2.5 (2015) • Transferring

    using HTTP • No dedicated server required • Modern features • DNS support • TLS support (HTTPS Boot) • @tnishinaga’s blog post[1] Existing Network Boots [Diagram: EFI_HTTP_PROTOCOL + GetModeData(): EFI_HTTP_GET_MODE_DATA + Configure(): EFI_HTTP_CONFIGURE + Request(): EFI_HTTP_REQUEST + Cancel(): EFI_HTTP_CANCEL + Response(): EFI_HTTP_RESPONSE + Poll(): EFI_HTTP_POLL]
  6. Unified Extensible Firmware Interface

  7. UEFI is Extensible • UEFI is modular design • Module

    is called Protocol • UEFI loads protocols • EFI_BOOT_SERVICES has protocol installer functions [Diagram: UEFI driver with several protocols; EFI_BOOT_SERVICES.InstallProtocolInterface() + Handle: EFI_HANDLE* + Protocol: EFI_GUID* + InterfaceType: EFI_INTERFACE_TYPE + Interface: VOID*]
  8. Simple File System Protocol • Provides a file system independent

    file operation interface • However, UEFI supports FAT only by default UEFI Protocol Example [Diagram: EFI_SIMPLE_FILE_SYSTEM_PROTOCOL.OpenVolume() + This: EFI_SIMPLE_FILE_SYSTEM_PROTOCOL* + Root: EFI_FILE_PROTOCOL**; EFI_FILE_PROTOCOL + Open(): EFI_FILE_OPEN + Close(): EFI_FILE_CLOSE + Delete(): EFI_FILE_DELETE + Read(): EFI_FILE_READ + Write(): EFI_FILE_WRITE + GetPosition(): EFI_FILE_GET_POSITION + SetPosition(): EFI_FILE_SET_POSITION + GetInfo(): EFI_FILE_GET_INFO + SetInfo(): EFI_FILE_SET_INFO + Flush(): EFI_FILE_FLUSH + OpenEx(): EFI_FILE_OPEN_EX + ReadEx(): EFI_FILE_READ_EX + WriteEx(): EFI_FILE_WRITE_EX + FlushEx(): EFI_FILE_FLUSH_EX]
  9. Is there any use case for Simple File System Protocol?

  10. Rootkits: Ultimately Practical Use case Strong Evidence of UEFI Flexibility

    • A UEFI rootkit is malware that targets UEFI • Deploys other malware (Kernel Rootkits, Agents) • Hacking Team’s rkloader[2] and LoJax[3] • NTFS-3G was ported to UEFI to implant a kernel rootkit against Windows
  11. If a network transparent file system exists, it can be

    used for more flexible network boot.
  12. “Here’s Glenda.”

  13. Plan 9 File Protocol (9P) • Plan 9 from Bell

    Labs[7] • “Everything is a file.” • 9P provides file system operation interface for local/remote processes[8] [Diagram: message exchange with the server: Twalk/Rwalk, Tversion/Rversion, Tattach/Rattach, Topen/Ropen, Tread/Rread]
  14. OK. But is 9P still used?

  15. 9P Use cases Linux • v9fs: 9P fs client[4]

  16. 9P Use cases Linux • v9fs: 9P fs client[4] VirtIO

    • virtio-9p: 9P server[5] • For sharing host files
  17. 9P Use cases Linux • v9fs: 9P fs client[4] VirtIO

    • virtio-9p: 9P server[5] • For sharing host files Windows • WSL2: 9P fs client[6] • For sharing Linux files
  18. GLENDA: ALL YOUR FS ARE BELONG TO US.

  19. 9pfsPkg: 9P Client for UEFI Network Transparent File System •

    Provides Simple File System Protocol interface • Advantages: • Can operate a remote 9P file system like a local file system • Can use existing UEFI tools without any modification • No dedicated server required • Source code available at: https://github.com/yabits/9pfsPkg
  20. 9P Boot Overview • UEFI loads 9pfsPkg UEFI driver and

    registers 9P FS volume • 9pfsPkg communicates with 9P server using UEFI network stack • 9P server operates files in exported directory (e.g. /tmp/9) [Diagram: client (UEFI, 9pfsPkg, volume, network stack) and server (9P server, network stack, file system, /tmp/9)]
  21. Booting from Remote Like a Boss Only a Local File

    System (FS0:) Exists
  22. Booting from Remote Like a Boss Load 9pfsPkg UEFI Driver

    (9pfs.efi)
  23. Booting from Remote Like a Boss New 9P File System

    (FS1:) Appeared with Strange Device Path
  24. Booting from Remote Like a Boss Boot GRUB as If

    Local Disk
  25. 9pfsPkg Application

  26. Proxy Boot: Booting from Cloud Storage Booting from Google Cloud

    Platform Storage • Mount GCP Storage (GCS) using gcsfuse[9] on the server • Set the GCS mount directory (e.g. /mnt/gcs) as 9P exported directory • From UEFI, GCS is mounted indirectly as if local disk [Diagram: client (UEFI, 9pfsPkg, volume, network stack) and server (9P server, network stack, FUSE, gcsfuse, /mnt/gcs), backed by GCP Storage]
  27. Proxy Boot: Booting from GCS Upload Boot Image to GCS

    Bucket
  28. Proxy Boot: Booting from GCS Mount GCS Bucket using gcsfuse

  29. Proxy Boot: Booting from GCS Boot BitVisor from GCS Bucket

    via 9P Server
  30. Summary • Existing network-aware boots are less flexible • UEFI

    can handle non-FAT file system using external UEFI drivers • 9P is useful for file sharing • 9pfsPkg is a 9P client for UEFI with Simple File System Protocol interface • Provides network transparent file system boot (9P Boot) • Can boot from cloud storage without any effort (Proxy Boot) • Call for 9pfsPkg Applications: Any Idea?
  31. References • [0] https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_A_Feb14.pdf • [1] https://tnishinaga.hatenablog.com/entry/2017/12/22/221956 • [2] https://github.com/hackedteam/vector-edk

    • [3] https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf • [4] https://www.kernel.org/doc/Documentation/filesystems/9p.txt • [5] https://www.linux-kvm.org/page/9p_virtio • [6] https://youtu.be/63wVlI9B3Ac?t=481 • [7] https://9p.io/plan9/ • [8] http://man.cat-v.org/plan_9/5/ • [9] https://github.com/GoogleCloudPlatform/gcsfuse
  32. 9pfsPkg Details • 9P2000.L (9P Linux extension) compliant • Read-only

    file system • TCP/IPv4 support • Static IP only • Configurable via UEFI variables • Authentication not implemented yet • Known Issue: ExitBootServices() hangs
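
The Tversion/Rversion exchange from slide 13, for the 9P2000.L dialect named on slide 32, as an added example that is not part of the slides and not code from 9pfsPkg. The function names are hypothetical; the point is that a pre-boot client without authentication has to treat every length field in the server's reply as untrusted.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* 9P message types, the tag reserved for version negotiation, fixed header size. */
enum { P9_TVERSION = 100, P9_RVERSION = 101, P9_NOTAG = 0xFFFF, P9_VERSION_HDR = 13 };

static void put_le(uint8_t *p, uint32_t v, int n) {
    for (int i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint32_t get_le(const uint8_t *p, int n) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++) v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Encode Tversion: size[4] type[1] tag[2] msize[4] version[s]; returns length, 0 on error. */
size_t p9_encode_tversion(uint8_t *buf, size_t cap, uint32_t msize, const char *version) {
    size_t vlen = strlen(version), total = P9_VERSION_HDR + vlen;
    if (vlen > 0xFFFF || total > cap) return 0;
    put_le(buf, (uint32_t)total, 4);
    buf[4] = P9_TVERSION;
    put_le(buf + 5, P9_NOTAG, 2);
    put_le(buf + 7, msize, 4);
    put_le(buf + 11, (uint32_t)vlen, 2);
    memcpy(buf + 13, version, vlen);
    return total;
}

/* Validate an Rversion received from the untrusted server; 0 on success, -1 otherwise. */
int p9_parse_rversion(const uint8_t *buf, size_t len, uint32_t offered, uint32_t *msize) {
    static const char want[] = "9P2000.L";
    if (len < P9_VERSION_HDR || get_le(buf, 4) != len) return -1; /* size must match bytes received */
    if (buf[4] != P9_RVERSION || get_le(buf + 5, 2) != P9_NOTAG) return -1;
    uint32_t m = get_le(buf + 7, 4);
    size_t vlen = get_le(buf + 11, 2);
    if (vlen != len - P9_VERSION_HDR) return -1;       /* string must fill the message exactly */
    if (m < P9_VERSION_HDR || m > offered) return -1;  /* server may lower msize, never raise it */
    if (vlen != sizeof want - 1 || memcmp(buf + 13, want, vlen) != 0) return -1; /* e.g. "unknown" */
    *msize = m;
    return 0;
}

int main(void) {
    uint8_t msg[64]; uint32_t msize = 0;
    size_t n = p9_encode_tversion(msg, sizeof msg, 8192, "9P2000.L");
    msg[4] = P9_RVERSION;  /* constructed reply: same body with the R-type */
    return (n == 21 && p9_parse_rversion(msg, n, 8192, &msize) == 0) ? 0 : 1;
}
```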