Ubuntu
shim package

Shim uses wrong TFTP server IP in proxyDHCP mode

Bug #1813541 reported by Alkis Georgopoulos
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
shim
New
Unknown
shim (Ubuntu)
Triaged
Medium
Unassigned

Bug Description

This works fine:
UEFI > real DHCP > shimx64.efi over TFTP > grubx64.efi over TFTP.

In the scenario above, if we change "real" with "proxy", it fails, because it's trying to download grubx64.efi from the real DHCP server instead of the proxy one.

A proxy DHCP server is one that only sends the boot filename, and leaves the IP assignments to the real DHCP server. We use that a lot in the ltsp.org and in other netbooting projects, as it avoids the need for a special network setup.

Sample dnsmasq.conf for proxy setup:

enable-tftp
tftp-root=/var/lib/tftpboot
dhcp-range=10.161.254.0,proxy,255.255.255.0
pxe-service=X86-64_EFI,"Boot from network",shimx64.efi

Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

Specifically, I think the issue is in
https://git.launchpad.net/ubuntu/+source/shim/tree/netboot.c#n293

memcpy(&tftp_addr.v4, pkt_v4->BootpSiAddr, 4);

There should be an "if proxy ... use that one for tftp ... else use BootpSiAddr" at that point.

Revision history for this message
Steve Langasek (vorlon) wrote :

By chance can you provide a reference to an RFC that explains the "correct" interaction between proxy DHCP servers and DHCP boot file option? Does the grub DHCP client implementation work the way you describe?

Changed in shim (Ubuntu):
status: New → Incomplete
Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

The PXE specification, which also describes proxyDHCP, can be found for example at:
http://www.pix.net/software/pxeboot/archive/pxespec.pdf

The "proof" that the proxyDHCP server should be used as the TFTP server, is the fact that shimx64.efi was indeed downloaded by the UEFI firmware from the proxyDHCP server. This is true for all UEFI and BIOS firmwares, and for iPXE and any other client that understands PXE services.

Shim just needs to follow suit and use the same TFTP server where it's located at.

Changed in shim (Ubuntu):
status: Incomplete → New
Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

To be more clear (some times I'm not very confident about my English):

TFTP server = proxyDHCP server = where shimx64.efi is.
UEFI and BIOS and iPXE and all clients, use the proxyDHCP server as the TFTP server.

Shimx64.efi on the other hand, tries to download grubx64.efi from the real DHCP server, which usually isn't a TFTP server when proxyDHCP is used, and fails.

Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

Pseudocode for UEFI/BIOS firmwares:
If the DHCP server doesn't offer a boot filename,
and a proxyDHCP server is available,
then use the boot filename from the proxyDHCP offer,
and set TFTP=proxyDHCP.

Pseudocode for shim:
If UEFI reports that it used proxyDHCP, then use that one for the TFTP server.
No decision to be done here; the decision was already done by UEFI in the previous step.
Also, note that there's no "boot filename" involved; that too, was done by UEFI in the previous step.
It's just about deciding where the TFTP server is.

Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

*Actually you can use "boot filename = /path/to/shimx64.efi" just to derive the /path/to/grubx64.efi if you want; but that's not very important, just for TFTP directory organization.

Bug Watch Updater (bug-watch-updater)
Changed in shim:
status: Unknown → New
Steve Langasek (vorlon)
Changed in shim (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Revision history for this message
RouL (roul-zett) wrote :

Over 1 year and 2 Ubuntu versions later (one of them LTS) and this problem is still not fixed. Even with googling this took me hours to figure out today. :/

Please fix this finally.

I'd submit a patch, but I didn't write any C code, since I was around 21. If anything, I'd probably make things worse. :D

Revision history for this message
Steve Langasek (vorlon) wrote :

The upstream bug is still unresolved, and shim is highly security sensitive code. So we need to wait for an agreed upstream fix.

Revision history for this message
patpat (masottaus) wrote :

This is still unsolved.
where is "upstream" to politely request this fixed?
Even if shim is highly security sensitive it's TFTP requesting
the wrong server in a proxyDHCP environment.
thanks

Revision history for this message
Alkis Georgopoulos (alkisg) wrote :

@patpat, see at that top of this page, the link that says:

auto-github-rhboot-shim #165

You can check the discussion there; I haven't tested any more recent upstream binaries to see if they work now.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.