iPXE discussion forum
Loading a combined kernel, initramfs, and boot options as direct loadable efi stub


Loading a combined kernel, initramfs, and boot options as direct loadable efi stub - tbk - 2018-08-28 09:27

Hi,

I want to load a combined kernel, initramfs, and boot options as a directly loadable efi stub. Therefore I prepare the kernel.efi as follows:


objcopy \
--add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
--add-section .cmdline="cmdline.txt" --change-section-vma .cmdline=0x30000 \
--add-section .linux="vmlinuz-linux" --change-section-vma .linux=0x40000 \
--add-section .initrd="initramfs-linux.img" --change-section-vma .initrd=0x3000000 \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub kernel.efi

If I load the kernel.efi directly with the EFI bootmanager everything seems fine.
But if I load the kernel.efi with iPXE the cmdline is somehow missing (the /proc/cmdline is
empty ... only kernel.efi is in there)


RE: Loading a combined kernel, initramfs, and boot options as direct loadable efi stub - NiKiZe - 2018-08-28 13:01

You modify the kernel instead of using the kernel configuration option (CONFIG_CMDLINE)?
Which exact kernel version/sources is this? (for anyone that would like to try and reproduce the issue)

In the case of iPXE you always get a cmdline input - my guess (yes, purely a guess) is that this overrides the cmdline that you add.
The only way to figure out what is going on here is probably to debug the cmdline handling in the linux kernel.

I cannot find much information on what the .cmdline refers to, but there seem to be several related options that you could use to change behavior here. And there are also several bugs with embedded cmdline handling, but all that of course depends on which version of the kernel is used.


RE: Loading a combined kernel, initramfs, and boot options as direct loadable efi stub - tbk - 2018-08-28 15:46

Hi,

I put all pieces together to obtain one file that can be loaded directly from UEFI Firmware (via hard disk or USB stick).
Like here: http://harald.hoyer.xyz/2015/02/25/single-uefi-executable-for-kernelinitrdcmdline/

I know this could be done during the make of the kernel with the built-in initramfs and a cmdline in the kernel config file (CONFIG_CMDLINE).

But I was curious if ipxe could also load the kernel.efi file.

I use Linux/x86 4.14.43 Kernel (the config file: https://pastebin.com/qeqkUssu)

To load the kernel.efi I tried

chain -ar kernel.efi

but then, when the initramfs loads and fails to progress, I end up in the rescue shell.
If I cat the /proc/cmdline only kernel.efi is in there and not the content of cmdline.txt

If I load the same file via UEFI Firmware then everything is working as expected.


RE: Loading a combined kernel, initramfs, and boot options as direct loadable efi stub - tbk - 2018-09-28 18:35

Hi,

now this was tough...

as I mentioned in my first post I created the kernel.efi as follows:

objcopy \
--add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
--add-section .cmdline="cmdline.txt" --change-section-vma .cmdline=0x30000 \
--add-section .linux="vmlinuz-linux" --change-section-vma .linux=0x40000 \
--add-section .initrd="initramfs-linux.img" --change-section-vma .initrd=0x3000000 \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub kernel.efi

for uefi secure boot I signed the kernel.efi with:

sbsign --key vendor.key --cert vendor.crt --output kernel.signed.efi kernel.efi

I mixed up these two files. So I loaded the kernel.signed.efi with ipxe and the kernel.efi directly from local storage.
Because I had uefi secure boot disabled, kernel.signed.efi didn't execute with the correct cmdline, but the local kernel.efi did.

Now if I enable uefi secure boot and load the kernel.signed.efi with ipxe the cmdline looks as it should.

so this is no ipxe problem ... but interesting that there is such a difference between loading a signed file.

Cheers and sorry for the noise
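
Added example (not part of the original posts, and not iPXE or systemd code): a way to read back the .cmdline section that the objcopy command in this thread embeds, so kernel.efi and kernel.signed.efi can each be checked for what they carry before one is served over iPXE. The function names and the in-memory sample image are constructed for illustration.

```python
import struct

def pe_sections(image: bytes) -> dict:
    """Return {section name: (VirtualAddress, data)} from a PE/COFF image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    out = {}
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        size = min(vsize, rsize) if vsize else rsize
        if rptr + size > len(image):
            raise ValueError("section data runs past end of file")
        out[name.rstrip(b"\0").decode("ascii", "replace")] = (vaddr, image[rptr:rptr + size])
    return out

def embedded_cmdline(image: bytes) -> str:
    """Check the four sections from the objcopy command and return .cmdline."""
    sections = pe_sections(image)
    missing = [s for s in (".osrel", ".cmdline", ".linux", ".initrd") if s not in sections]
    if missing:
        raise ValueError(f"missing sections: {missing}")
    return sections[".cmdline"][1].rstrip(b"\0\n").decode()

def build_sample(parts: dict) -> bytes:
    """Constructed stand-in for kernel.efi: minimal headers plus sections."""
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(parts), 0, 0, 0, 0, 0)
    data_off = len(head) + 40 * len(parts)
    table, blob = b"", b""
    for name, (vaddr, data) in parts.items():
        table += struct.pack("<8sIIII16x", name.encode(), len(data), vaddr, len(data), data_off + len(blob))
        blob += data
    return head + table + blob

SAMPLE = build_sample({  # constructed values, not taken from the thread
    ".osrel": (0x20000, b"ID=example\n"),
    ".cmdline": (0x30000, b"root=/dev/sda2 ro quiet\n"),
    ".linux": (0x40000, b"\0" * 16),
    ".initrd": (0x3000000, b"\0" * 16),
})

if __name__ == "__main__":
    print(embedded_cmdline(SAMPLE))
```

For a real image, pass the file's bytes, e.g. embedded_cmdline(open("kernel.efi", "rb").read()), and compare the result with cmdline.txt and with /proc/cmdline on the booted system.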