Re: Remotely choose a menu entry

[Jonathan McCune]

Some half-baked thoughts:

On Mon, Dec 1, 2014 at 4:03 AM, Brugnara Daniele <address@hidden> wrote:

You have simply misunderstood me. I'm trying to explain deeply :)

When grub starts, it asks for a choice, lets take this, as an example:

1) Linux

2) Linux (mem test ecc)

3) Windows 7

4) Windows Server 2000

I want grub to listen for an encrypted UDP packet that emulate an human choice.

Continuing the example:

1) send a WOL to aa:bb:cc:dd:ee:ff

2) start an UDP loop to the same mac address, to start the 3rd grub menu' choice (in this example, windows 7)

This "push" model doesn't seem like a good idea to me. I would suggest configuring GRUB to query (perhaps HTTP GET) something centralized, from which it can read an index (0-3, or 1-4, or whatever) or a label ("Windows Server 2000", etc). Then, the machine can boot upon receiving WOL, and then execute its local configuration file. Depending on your threat model, it might even be fine not to authenticate the central server, if their behavior is confined to selecting from among existing entries.

I haven't played with GRUB's network-aware capabilities, but the .cfg file language is likely expressive enough to do something like this. If a new command is needed, I suggest something like a constrained assignment to an environment variable. E.g., net_load_env_or_timeout LABEL_FROM_NET 10 example.com:8080

The idea being that the command will either timeout after 10 seconds, fail because example.com:8080 returned something nonsensical, or assign a new value to LABEL_FROM_NET. HTTP GET over TCP as the network protocol. Typical GRUB scripting can then be used depending on the value of $LABEL_FROM_NET (it would select from among the entries in the list, or fail). You can also work in one-time boot / savedefault, etc. Mimic the existing load_env functionality as much as possible.

If everything fails, then fallback to the local menu as usual.

3) when grub receives that UDP packet, successfully decrypts it and it is sure that this packet is trusted (rsa or what you want), selects that menu choice

If you want to authenticate I encourage you to stick with the existing OpenPGP (RFC4880) functionality. Maybe net_authenticated_load_env_or_timeout, where the requests are just http GETs and a signature over the possible new environment file, and a detached signature file.

4) grub boots the selected item.

No files are passed in any way. I'm telling GRUB to boot a specific and preconfigured entry. 

I think the proposed "simplification" of not passing files is not actually a simplification. Not passing files full of executable code is good. But passing a little file foo.cfg with some VAR_NAME="some value", with perhaps also a foo.cfg.sig sitting on the fileserver, where the .cfg file will only lead to setting environment variables if it is properly signed, and even then only set whitelisted variables, seems promising.

In the UDP packet, I'm thinking to insert a grub command line. This is very similar to pressing E when grub asks what to do at boot.

I don't think it is the best choice to mimic user input. It is much safer to select from among existing entries.

 

I'm not sure of why you have wrote about kernel files. I never wrote about sending files because this should be done by a PXE or bootp but this is NOT my goal.

Another very useful thing, should be that GRUB sends an encrypted UDP packet with his menu configuration in order to do a reasonable choice from a third party application.

Many thanks for your time.

Daniele.

_______________________________________________
Grub-devel mailing list
address@hidden
https://lists.gnu.org/mailman/listinfo/grub-devel