ValdikSS / Super-UEFIinSecureBoot-Disk

Super UEFIinSecureBoot Disk: Boot any OS or .efi file without disabling UEFI Secure Boot

Suggestion: add wimboot support #1

Closed Sporesirius closed 5 years ago

Sporesirius commented 5 years ago

Wimboot support would be good as a feature.

ValdikSS commented 5 years ago

Are you referring to wimboot from iPXE project? http://ipxe.org/wimboot

Sporesirius commented 5 years ago

Yes, so that you can patch and install multiple versions of Windows.

The only question is if you can use wimboot with grub2 🤔

ValdikSS commented 5 years ago

Is it really useful? You can boot WinPE from GRUB2 without wimboot, using chainloader to Windows efi bootloader. Or do you want to store only a single .wim file without unpacking bootloader and BCD/boot.sdi first? Anyway, try it out: http://git.ipxe.org/releases/wimboot/wimboot-latest.zip

Sporesirius commented 5 years ago

Okay, I tested wimboot with the following result: if I load with chainloader I get a /grub-core/loader/efi/chainloder.c:107:unknown error, and with linuxefi I get a kernel too old.

Because of the use, I thought so you can use multiple Windows ISOs e.g. at the same time without using the stupid bcd and with this you should be able to start the Windows installer as well.

ValdikSS commented 5 years ago

See here: http://reboot.pro/topic/21266-grub-uefi-wimboot-error-kernel-too-old/?p=204067

Sporesirius commented 5 years ago

Hm, it looks like you can only start Wimboot over iPXE in UEFI mode. But it doesn't make sense if you need a network interface for a local boot. Too bad.

ValdikSS commented 5 years ago

I'm pretty sure you don't have to use network functionality of iPXE. http://reboot.pro/topic/21266-grub-uefi-wimboot-error-kernel-too-old/?p=204066 Here the author presses Ctrl+B during iPXE boot process. Have you tried that?

Sporesirius commented 5 years ago

iPXE requires a network interface even if you are using the file:// URI. http://forum.ipxe.org/showthread.php?tid=17261

EDIT: I think I understand the problem now.

wimboot has a header that makes it look like both a .efi and a Linux kernel; this is so the same file can be used in both environments.

It seems that GRUB incorrectly detects this as an old Linux kernel and does not even try to run it in EFI mode. http://forum.ipxe.org/showthread.php?tid=8193
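
Added example (not part of the thread, and not code from wimboot or GRUB): a header check that shows how one file can carry both a PE/COFF signature and a Linux x86 setup header, and when a loader that needs the EFI handover entry would treat it as too old. The function names and the sample bytes are constructed for illustration, and using boot protocol 2.11 (the version that added `handover_offset`) as the cut-off is an assumption about the loader.

```python
import struct

EFI_HANDOVER_MIN = 0x020B  # Linux boot protocol 2.11 introduced handover_offset


def classify_boot_image(data: bytes) -> dict:
    """Report which formats a boot image's header claims to be."""
    info = {"pe": False, "linux": False, "protocol": None, "handover": 0}
    # PE/COFF: "MZ" at 0, e_lfanew at 0x3C points to the "PE\0\0" signature.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        info["pe"] = data[pe_off:pe_off + 4] == b"PE\0\0"
    # Linux x86 setup header: 0xAA55 at 0x1FE, "HdrS" at 0x202, version at 0x206.
    if len(data) >= 0x208 and data[0x202:0x206] == b"HdrS":
        (flag,) = struct.unpack_from("<H", data, 0x1FE)
        (version,) = struct.unpack_from("<H", data, 0x206)
        info["linux"] = flag == 0xAA55
        info["protocol"] = version
        # handover_offset (0x264) only exists from protocol 2.11 onwards.
        if version >= EFI_HANDOVER_MIN and len(data) >= 0x268:
            (info["handover"],) = struct.unpack_from("<I", data, 0x264)
    return info


def too_old_for_handover(info: dict) -> bool:
    """True when a Linux-style header cannot offer an EFI handover entry."""
    return info["linux"] and (info["protocol"] < EFI_HANDOVER_MIN
                              or info["handover"] == 0)


def make_sample(version: int, handover: int = 0) -> bytes:
    """Constructed 1 KiB dual-format header (not real wimboot bytes)."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x1FE, 0xAA55)
    buf[0x202:0x206] = b"HdrS"
    struct.pack_into("<H", buf, 0x206, version)
    struct.pack_into("<I", buf, 0x264, handover)
    return bytes(buf)


if __name__ == "__main__":
    for label, img in (("old", make_sample(0x0207)),
                       ("new", make_sample(0x020C, 0x190))):
        info = classify_boot_image(img)
        print(label, info, "too old:", too_old_for_handover(info))
```
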

ValdikSS commented 5 years ago

I see. That's an interesting thing, I think wimboot needs to be fixed to be loaded with linuxefi. I'll take a look in free time.

ValdikSS commented 5 years ago

Try to use wimboot with "linux" command in SUISBD v2.

Sporesirius commented 5 years ago

Okay, when I try to start wimboot with the linux command I get a black screen in legacy and UEFI mode (also with initrd parameter).

ValdikSS commented 5 years ago

Could you try booting wimboot with stock GRUB 2.02 (without hardening patches, so not from Ubuntu/Fedora, maybe from Debian, or better self-compiled)?

ValdikSS commented 5 years ago

Another idea is to patch wimboot to load all files in the directory where wimboot.efi file is located, so it could be loaded using chainloader without arguments. To achieve this, efi_extract function in src/efifile.c should be re-made to use LOADED_IMAGE_PROTOCOL FilePath.

ValdikSS commented 5 years ago

As an alternative, take a look at linuxefi support patches I found in the mailing list: http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006338.html http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006339.html http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006340.html http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006341.html

Please test current wimboot on stock GRUB with linux command and tell if it works. If it doesn't, that's probably a wimboot problem, not GRUB's.

Sporesirius commented 5 years ago

> Could you try booting wimboot with stock GRUB 2.02 (without hardening patches, so not from Ubuntu/Fedora, maybe from Debian, or better self-compiled)?

I compiled GRUB 2.02 myself and installed it in EFI mode on a USB stick, but unfortunately the result was the same: with linux (initrd) and chainloader, wimboot is not loaded and the VM restarts.

> Another idea is to patch wimboot to load all files in the directory where wimboot.efi file is located, so it could be loaded using chainloader without arguments. To achieve this, efi_extract function in src/efifile.c should be re-made to use LOADED_IMAGE_PROTOCOL FilePath.

I don't think that will work either, even with the chainloader I can't load wimboot in EFI mode. Or could you run wimboot in EFI mode with the chainloader?

> As an alternative, take a look at linuxefi support patches I found in the mailing list: http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006338.html http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006339.html http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006340.html http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006341.html

Okay, that might be helpful. Thanks

> Please test current wimboot on stock GRUB with linux command and tell if it works. If it doesn't, that's probably a wimboot problem, not GRUB's.

As mentioned above, the current GRUB 2.02 stock is not working for me. Maybe it's really a wimboot problem.

ValdikSS commented 5 years ago

> I don't think that will work either, even with the chainloader I can't load wimboot in EFI mode. Or could you run wimboot in EFI mode with the chainloader?

Yes, the file at least starts. wimboot loaded with chainloader tries to load all files from the root of USB stick, which are certainly not the files I want it to load.

ValdikSS commented 5 years ago

Could you file a bug that wimboot does not boot in EFI mode using linux command, to iPXE/wimboot bug tracker? I can't find any clues that it should not work.

steve6375 commented 5 years ago

I don't think iPXE wimboot supports UEFI. It would be great if it did!

However, MBR boot support in this project would be nice to add because you can boot to a Windows Install ISO AND install Windows using it, which is something grub2 cannot normally do because WinPE has to see the ISO as a virtual DVD. See http://reboot.pro/topic/21950-install-windows-10-from-iso-with-wimboot/ You can use Wimboot to specify the name of the ISO that it is needed to load using a dummy .tag file and then you can make WinPE run ImDisk to load the ISO as drive Y: so that Setup can see the Install.wim. This means you can install pretty much any version of Windows just by adding the ISOs. See https://ipxe.org/wimboot

Sporesirius commented 5 years ago

> Could you file a bug that wimboot does not boot in EFI mode using linux command, to iPXE/wimboot bug tracker? I can't find any clues that it should not work.

I have looked around a bit and it seems that the developers already know about the Wimboot EFI problem (it has been posted several times). I don't think it's going to be taken care of. Too bad it has a lot of potential.

> I don't think iPXE wimboot supports UEFI. It would be great if it did!

This is not true. Wimboot is quite capable of being started in EFI mode.

steve6375 commented 5 years ago

> This is not true. Wimboot is quite capable of being started in EFI mode.

Yes - but only from an iPXE environment. iPXE can run wimboot, but you cannot UEFI-boot and chainload to wimboot directly.

Sporesirius commented 5 years ago

As far as I know you can run wimboot from a UEFI shell?

steve6375 commented 5 years ago

If you are at the UEFI shell, how can you run wimboot and load the initrd with boot.wim, etc.?

Sporesirius commented 5 years ago

You can't, but you can boot wimboot? I'm not sure about that anymore. But we could test it out.

Sporesirius commented 5 years ago

> As an alternative, take a look at linuxefi support patches I found in the mailing list: http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006338.html http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006339.html http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006340.html http://lists.ipxe.org/pipermail/ipxe-devel/2018-November/006341.html

> Please test current wimboot on stock GRUB with linux command and tell if it works. If it doesn't, that's probably a wimboot problem, not GRUB's.

Hello, here I am again, I'm sorry about the delay. The patches work perfectly with SYSLINUX 6.03 EFI: https://github.com/Sporesirius/syslinuxefi-wimboot

ValdikSS commented 5 years ago

But it does not work with Grub for some reason. I've contacted the author with several suggestions for the patch (some minor fixes) and reported this problem to him, he has no idea why it does not work.

The easiest fix to me is to patch wimboot to load all files from current directory if it's being loaded via chainloader.

Sporesirius commented 5 years ago

That means that every Windows version has its own wimboot?

ValdikSS commented 5 years ago

Yes, as one of possible fixes.

Sporesirius commented 5 years ago

Btw, I could chainload my PoC with GRUB 2; there is only one problem: I don't come back from syslinux to GRUB 2.

Sporesirius commented 5 years ago

I think the linux command of GRUB 2 causes problems with the patched wimboot.

Sporesirius commented 5 years ago

> The easiest fix to me is to patch wimboot to load all files from current directory if it's being loaded via chainloader.

> Yes, as one of possible fixes.

We could also pass the paths to wimboot with parameters? For example: chainloader /wimboot /bcd,/boot.sdi,/boot.wim to tell wimboot where the files are.

ValdikSS commented 5 years ago

That should be possible too.

Sporesirius commented 5 years ago

I used the custom GRUB 2 version of CoreOS and could run wimboot with linuxefi, but unfortunately I can't load Windows files into memory with initrdefi because initrdefi doesn't seem to understand the newc tag like GRUB 2 BIOS does (I think to load it as a cpio).

This should be the patch

As an example under GRUB 2 BIOS:

    initrd16 newc:bcd:/bcd \
           newc:boot.sdi:/boot.sdi \
           newc:boot.wim:/boot.wim
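
Added example (not part of the thread, and not code from GRUB or wimboot): with `newc:name:path`, GRUB wraps each file in a cpio "newc" record under the given name, so the loaded image sees named files rather than one opaque initrd blob. The sketch below builds such an archive and lists it back; the function names and the file contents are constructed placeholders.

```python
HDR_LEN = 110  # "070701" magic + 13 fields of 8 hex digits each


def _pad4(n: int) -> int:
    """Bytes needed to reach the next 4-byte boundary."""
    return (-n) % 4


def newc_entry(name: str, data: bytes, mode: int = 0o100644, ino: int = 0) -> bytes:
    """Build one cpio newc record: header, NUL-terminated name, data, padding."""
    name_b = name.encode() + b"\0"
    # ino, mode, uid, gid, nlink, mtime, filesize, devmajor, devminor,
    # rdevmajor, rdevminor, namesize (includes the NUL), check
    fields = (ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0)
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + name_b
    out += b"\0" * _pad4(len(out))
    return out + data + b"\0" * _pad4(len(data))


def build_newc(files) -> bytes:
    """Concatenate records for (name, data) pairs and close with the trailer."""
    body = b"".join(newc_entry(n, d, ino=i + 1) for i, (n, d) in enumerate(files))
    return body + newc_entry("TRAILER!!!", b"", mode=0)


def list_newc(archive: bytes) -> list:
    """Walk an archive and return [(name, size)] up to the trailer record."""
    entries, off = [], 0
    while off + HDR_LEN <= len(archive):
        if archive[off:off + 6] != b"070701":
            raise ValueError("bad newc magic at offset %d" % off)
        size = int(archive[off + 54:off + 62], 16)    # filesize field
        nlen = int(archive[off + 94:off + 102], 16)   # namesize field
        name = archive[off + HDR_LEN:off + HDR_LEN + nlen - 1].decode()
        off += HDR_LEN + nlen
        off += _pad4(off)
        if name == "TRAILER!!!":
            break
        entries.append((name, size))
        off += size + _pad4(size)
    return entries


if __name__ == "__main__":
    # Constructed stand-ins for the three files named in the GRUB example.
    sample = [("bcd", b"B" * 5), ("boot.sdi", b"S" * 8), ("boot.wim", b"W" * 13)]
    print(list_newc(build_newc(sample)))
```
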