[FFe] Include HTTP support in pre-built GRUB module

Bug #1787630 reported by Lee Trager on 2018-08-17
This bug affects 1 person
Affects                  Status  Importance  Assigned to              Milestone
grub2 (Ubuntu)                   High        Mathieu Trudel-Lapierre
  Bionic                         Undecided   Unassigned
  Cosmic                         Undecided   Unassigned
grub2-signed (Ubuntu)            Undecided   Unassigned
  Bionic                         Undecided   Unassigned

Bug Description

[Impact]
Required for MAAS to use HTTP transport to provide files for grub2.

[Test case]
0) Provide kernel and initrd on an HTTP server on the network.
1) Boot from the network in UEFI mode using grub's grubnet<arch>.efi binary.
2) Run the following commands:

 linuxefi http://<ip of http server>/<path to kernel> <kernel command-line parameters>
 initrdefi http://<ip of http server>/<path to initrd>
 boot

Verify that the system is able to correctly retrieve the kernel and initrd files from the HTTP server, and that the system boots normally.

[Regression potential]
None. This makes an additional module available for use in the grubnet<arch>.efi pre-built and signed UEFI binaries for grub; it does not otherwise affect other pre-built UEFI images, does not change grub code, and is not used unless explicitly configured to do so by a custom grub configuration file (not in use by default).

---

[Description]
Grub supports booting files over the network via both FTP/HTTP. However, the Ubuntu package is not built with the grub HTTP modules. Enabling this would allow grub to obtain files over HTTP (such as initrd/kernel).

[Rationale]
Enabling HTTP support for Grub would allow MAAS to use such functionality to boot files over the network with HTTP. This allows for improved performance (vs using ftp) and for better security.

MAAS would use this to download kernel and initrd over HTTP instead of FTP at first for performance improvements.

[Original bug report]

GRUB has built-in support for HTTP via http.mod. This module is not being included in the prebuilt grubnetx64.efi. All that should be required is adding the http module. I also suggest building grubnetx64.efi using GRUB modules to include lvm and RAID support; this will allow grubnetx64.efi to local boot in all situations.

--- build-efi-images 2018-08-17 10:50:35.124311043 -0700
+++ build-efi-images.new 2018-08-17 10:50:59.270661126 -0700
@@ -148,8 +148,9 @@
  raid5rec
  raid6rec
  "
-NET_MODULES="$CD_MODULES
+NET_MODULES="$GRUB_MODULES
  tftp
+ http
  "

 "$grub_mkimage" -O "$platform" -o "$outdir/gcd$efi_name.efi" \

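Review bot: the `NET_MODULES=` line swaps its base list from `$CD_MODULES` to `$GRUB_MODULES` in the same hunk that adds `http`, which is a second, unrelated change to what gets built into the pre-built network image. Split the base-list swap into its own patch so the `http` addition can be reviewed and regression-tested alone, and add a short comment above `NET_MODULES` recording why `http` is listed next to `tftp`.
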
Lee Trager (ltrager) on 2018-08-17
description: updated
Andres Rodriguez (andreserl) wrote :
Changed in grub2 (Ubuntu):
status: New → Triaged
importance: Undecided → High
summary: - Include HTTP support in pre-build GRUB module
+ [FFe] Include HTTP support in pre-build GRUB module
description: updated
description: updated

Needs to be New for the release team to approve (process is to set to Triaged)

Changed in grub2 (Ubuntu):
status: Triaged → New
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)

I have reviewed the HTTP code in grub, it looks sane .. no obvious issues that would break Secure Boot validation.

Łukasz Zemczak (sil2100) wrote :

Thank you for the FFe! It's really late for a feature freeze exception though, especially given that we're now in Final Freeze. This means we shouldn't risk anything 'risky' that isn't directly a release blocker for cosmic - which doesn't seem to be the case here. So for now, both Laney and I think that this should rather go as an SRU instead.

tags: added: id-5c13fa834458794246aeeb2c
Changed in grub2 (Ubuntu):
assignee: Mathieu Trudel-Lapierre (cyphermox) → Ubuntu Security Team (ubuntu-security)

I've had another look; it still looks sane to me; but given that it's network code we're importing in the bootloader, it feels like a potential source of vulnerabilities and would be better to have it checked by the Security team.

I've assigned it to ~ubuntu-security...

Please have a look at grub-core/net/http.c, which seems to be the only real source file involved (from grub2 source) in providing the module.

Alex Murray (alexmurray) wrote :

http.c generally looks okay - errors are usually checked and handled, care is taken to ensure buffers are not overrun etc, sizes are handled well etc. From what I can see it appears to also appropriately check input to ensure it doesn't blindly trust it as well.

Also the upstream history of this file looks pretty stable too http://git.savannah.gnu.org/gitweb/?p=grub.git;a=history;f=grub-core/net/http.c

So nothing in particular stands out as a red-flag security wise that I can see.

Alex Murray (alexmurray) on 2019-03-05
Changed in grub2 (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → nobody
Changed in grub2 (Ubuntu):
status: New → In Progress
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2 - 2.02+dfsg1-12ubuntu2

---------------
grub2 (2.02+dfsg1-12ubuntu2) disco; urgency=medium

  * debian/patches/efi-console-set-text-mode-as-needed.patch: in EFI console,
    only set text-mode when we're actually going to need it.
  * debian/build-efi-images: add http module to NET_MODULES. (LP: #1787630)

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 11 Mar 2019 17:48:49 -0400

Changed in grub2 (Ubuntu):
status: In Progress → Fix Released
description: updated

Hello Lee, or anyone else affected,

Accepted grub2 into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02+dfsg1-5ubuntu8.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in grub2 (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Brian Murray (brian-murray) wrote :

Hello Lee, or anyone else affected,

Accepted grub2-signed into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.110.3 in a few hours, and then in the -proposed repository.

Brian Murray (brian-murray) wrote :

Hello Lee, or anyone else affected,

Accepted grub2 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2/2.02-2ubuntu8.13 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in grub2-signed (Ubuntu):
status: New → Fix Released
Changed in grub2 (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Changed in grub2-signed (Ubuntu Bionic):
status: New → Fix Committed
Brian Murray (brian-murray) wrote :

Hello Lee, or anyone else affected,

Accepted grub2-signed into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-signed/1.93.14 in a few hours, and then in the -proposed repository.

I have verified that the proposed package in bionic works as expected. I performed the following steps with MAAS.

0) Provide kernel and initrd on an HTTP server on the network.
1) Boot from the network in UEFI mode using grub's grubnet<arch>.efi binary.
2) Provided the following config:

linuxefi http://<ip of http server>/<path to kernel> <kernel command-line parameters>
initrdefi http://<ip of http server>/<path to initrd>
boot

Grub successfully loaded the kernel and initrd from the HTTP server and booted the kernel with attached initrd.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Blake Rouse (blake-rouse) wrote :

I have verified that the proposed package in cosmic works as expected. I performed the following steps with MAAS.

0) Provide kernel and initrd on an HTTP server on the network.
1) Boot from the network in UEFI mode using grub's grubnet<arch>.efi binary.
2) Provided the following config:

linuxefi http://<ip of http server>/<path to kernel> <kernel command-line parameters>
initrdefi http://<ip of http server>/<path to initrd>
boot

Grub successfully loaded the kernel and initrd from the HTTP server and booted the kernel with attached initrd.

tags: added: verification-done verification-done-cosmic
removed: verification-needed verification-needed-cosmic

Thanks Blake!

The verification of the Stable Release Update for grub2 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

summary: - [FFe] Include HTTP support in pre-build GRUB module
+ [FFe] Include HTTP support in pre-built GRUB module
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2 - 2.02+dfsg1-5ubuntu8.3

---------------
grub2 (2.02+dfsg1-5ubuntu8.3) cosmic; urgency=medium

   * debian/build-efi-images: add HTTP to generated UEFI images. (LP: #1787630)
   * debian/config.in, debian/grub-common.dirs, debian/postinst.in,
     debian/postrm.in: cherry-pick Colin's changes to ucf handling from
     2.02+dfsg1-11 to avoid unnecessarily prompting about grub.cfg changes.
     (LP: #564853)

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 18 Mar 2019 12:01:26 -0400

Changed in grub2 (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2 - 2.02-2ubuntu8.13

---------------
grub2 (2.02-2ubuntu8.13) bionic; urgency=medium

   * debian/build-efi-images: add HTTP to generated UEFI images. (LP: #1787630)
   * debian/config.in, debian/grub-common.dirs, debian/postinst.in,
     debian/postrm.in: cherry-pick Colin's changes to ucf handling from
     2.02+dfsg1-11 to avoid unnecessarily prompting about grub.cfg changes.
     (LP: #564853)

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 18 Mar 2019 12:11:57 -0400

Changed in grub2 (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2-signed - 1.93.14

---------------
grub2-signed (1.93.14) bionic; urgency=medium

  * Rebuild against grub2 2.02-2ubuntu8.13. (LP: #1787630) (LP: #564853)

 -- Mathieu Trudel-Lapierre <email address hidden> Mon, 18 Mar 2019 14:24:36 -0400

Changed in grub2-signed (Ubuntu Bionic):
status: Fix Committed → Fix Released