UEFI Application for x86 64bit - 316 bytes #130

Open
mebeim opened this issue Jul 21, 2024 · 3 comments
Labels
Awaiting author update This entry needs update from its author BGGP Entry Needs Verification This entry needs verification

Comments

@mebeim

mebeim commented Jul 21, 2024

---BEGIN BGGPx---
Submit Date: 2024-07-21
BGGP Challenge Number: 5
Author: @mebeim
Contact Info (Optional): 
Online Presence (Website/Social Media): https://mebeim.net
Target File Type: UEFI Application (Portable Executable binary)
File Size: 316 bytes
SHA256 Hash: 65b87dcd644d85a4907258436a8419c9ecf5bf3fc483a8a7d63c307ad377ab96
Target Environment (How do we run the file?):
  As you will need UEFI with network and HTTP+TLS support, it is not that simple.
  I wrote detailed instructions here: https://github.com/mebeim/bggp/blob/master/uefi/README.md
  See the "Building" and "Running" section in particular.
Any additional info?: Tested on QEMU 7.2.11 and 9.0.0, Debian 12, EDK II OVMF edk2-stable202405
Link to PoC video, screenshot, or console output, if any: https://github.com/mebeim/bggp
Link to writeup, if any: https://github.com/mebeim/bggp
File contents (base64 encoded please):
---END BGGPx---

Sorry but unfortunately the setup is not so easy as it requires UEFI firmware with HTTPS + TLS support, so I opted to provide a (hopefully) straightforward way to build and run your own EDK II OVMF firmware with QEMU using Docker (see instructions at the link provided above). Please do not hesitate to ping me if there are any issues.

Update 2024-09-04: writeup added in the repo linked above!

@mebeim mebeim added BGGP Entry Needs Verification This entry needs verification labels Jul 21, 2024
@mebeim mebeim changed the title UEFI Application - 324 bytes UEFI Application for x86 64bit - 324 bytes Jul 21, 2024
@mebeim mebeim changed the title UEFI Application for x86 64bit - 324 bytes UEFI Application for x86 64bit - 316 bytes Jul 22, 2024
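
A reviewer verifying an entry in the format above can check the declared File Size and SHA256 Hash against the decoded file contents before running anything. This is an added example, not part of the issue or of the BGGP project's tooling; the function names and the sample entry are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed sample (NOT the submission above): a 16-byte dummy payload.
_PAYLOAD = b"MZ" + bytes(14)
SAMPLE_ENTRY = f"""---BEGIN BGGPx---
Submit Date: 2024-01-01
Target Environment (How do we run the file?):
  Constructed continuation line: ignored by the parser.
File Size: {len(_PAYLOAD)} bytes
SHA256 Hash: {hashlib.sha256(_PAYLOAD).hexdigest()}
File contents (base64 encoded please):
{base64.b64encode(_PAYLOAD[:9]).decode()}
{base64.b64encode(_PAYLOAD[9:]).decode()}
---END BGGPx---
"""

CONTENTS_MARKER = "File contents (base64 encoded please):"

def parse_entry(text):
    """Return (fields, file_bytes) from the first BGGPx block in text."""
    block = re.search(r"---BEGIN BGGPx---\n(.*?)\n---END BGGPx---", text, re.S)
    if block is None:
        raise ValueError("no BGGPx block found")
    head, marker, blob = block.group(1).partition(CONTENTS_MARKER)
    if not marker:
        raise ValueError("entry has no file contents field")
    fields = {}
    for line in head.splitlines():
        key, colon, value = line.partition(":")
        if colon and not line.startswith(" "):  # skip indented continuations
            fields[key.strip()] = value.strip()
    # validate=True rejects stray characters instead of silently dropping them
    return fields, base64.b64decode("".join(blob.split()), validate=True)

def verify_entry(text):
    """Return a list of mismatches between declared metadata and the payload."""
    fields, data = parse_entry(text)
    problems = []
    declared = re.match(r"\d+", fields.get("File Size", ""))
    if declared is None or int(declared.group()) != len(data):
        problems.append(f"size: declared {fields.get('File Size')!r}, decoded {len(data)} bytes")
    digest = hashlib.sha256(data).hexdigest()
    if fields.get("SHA256 Hash", "").lower() != digest:
        problems.append(f"sha256: decoded contents hash to {digest}")
    return problems

if __name__ == "__main__":
    print(verify_entry(SAMPLE_ENTRY) or "entry metadata matches payload")
```
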
@netspooky

Hello! Apologies for the late reply on this, but I am unable to build the dockerfile at the moment due to a submodule issue with the build system. We might have to fix up the submodules because one of them appears to be private. Here is the output. I am looking into it but I wanted to let you know! If you have had this error before and have any fixes that would be appreciated. Thank you!!

$ DOCKER_BUILDKIT=1 docker build . --target release --output type=local,dest=build
[+] Building 38.7s (9/23)                                                                                    docker:default
 => [internal] load build definition from Dockerfile                                                                   0.2s
 => => transferring dockerfile: 2.74kB                                                                                 0.0s
 => [internal] load metadata for docker.io/library/debian:12                                                           0.7s
 => [internal] load .dockerignore                                                                                      0.2s
 => => transferring context: 2B                                                                                        0.0s
 => [builder  1/18] FROM docker.io/library/debian:12@sha256:321341744acb788e251ebd374aecc1a42d60ce65da7bd4ee9207ff6be  0.0s
 => [internal] load build context                                                                                      0.4s
 => => transferring context: 875B                                                                                      0.0s
 => CACHED [builder  2/18] RUN apt-get update && apt-get install -y git binutils gcc g++ make nasm iasl  libc6-dev uu  0.0s
 => CACHED [builder  3/18] RUN mkdir /build                                                                            0.0s
 => CACHED [builder  4/18] WORKDIR /build                                                                              0.0s
 => ERROR [builder  5/18] RUN git clone --depth 1 --single-branch --branch edk2-stable202405  --recursive --shallow-  36.5s
------                                                                                                                      
 > [builder  5/18] RUN git clone --depth 1 --single-branch --branch edk2-stable202405   --recursive --shallow-submodules https://github.com/tianocore/edk2.git:                                                                                         
1.203 Cloning into 'edk2'...                                                                                                
11.13 Note: switching to '3e722403cd16388a0e4044e705a2b34c841d76ca'.                                                        
11.13                                                                                                                       
11.13 You are in 'detached HEAD' state. You can look around, make experimental
11.13 changes and commit them, and you can discard any commits you make in this
11.13 state without impacting any branches by switching back to a branch.
11.13 
11.13 If you want to create a new branch to retain commits you create, you may
11.13 do so (now or later) by using -c with the switch command. Example:
11.13 
11.13   git switch -c <new-branch-name>
11.13 
11.13 Or undo this operation with:
11.13 
11.13   git switch -
11.13 
11.13 Turn off this advice by setting config variable advice.detachedHead to false
11.13 
11.84 Submodule 'SoftFloat' (https://github.com/ucb-bar/berkeley-softfloat-3.git) registered for path 'ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'
11.84 Submodule 'BaseTools/Source/C/BrotliCompress/brotli' (https://github.com/google/brotli) registered for path 'BaseTools/Source/C/BrotliCompress/brotli'
11.84 Submodule 'CryptoPkg/Library/MbedTlsLib/mbedtls' (https://github.com/ARMmbed/mbedtls) registered for path 'CryptoPkg/Library/MbedTlsLib/mbedtls'
11.84 Submodule 'CryptoPkg/Library/OpensslLib/openssl' (https://github.com/openssl/openssl) registered for path 'CryptoPkg/Library/OpensslLib/openssl'
11.84 Submodule 'MdeModulePkg/Library/BrotliCustomDecompressLib/brotli' (https://github.com/google/brotli) registered for path 'MdeModulePkg/Library/BrotliCustomDecompressLib/brotli'
11.84 Submodule 'MdeModulePkg/Universal/RegularExpressionDxe/oniguruma' (https://github.com/kkos/oniguruma) registered for path 'MdeModulePkg/Universal/RegularExpressionDxe/oniguruma'
11.84 Submodule 'MdePkg/Library/BaseFdtLib/libfdt' (https://github.com/devicetree-org/pylibfdt.git) registered for path 'MdePkg/Library/BaseFdtLib/libfdt'
11.84 Submodule 'MdePkg/Library/MipiSysTLib/mipisyst' (https://github.com/MIPI-Alliance/public-mipi-sys-t.git) registered for path 'MdePkg/Library/MipiSysTLib/mipisyst'
11.84 Submodule 'RedfishPkg/Library/JsonLib/jansson' (https://github.com/akheron/jansson) registered for path 'RedfishPkg/Library/JsonLib/jansson'
11.84 Submodule 'SecurityPkg/DeviceSecurity/SpdmLib/libspdm' (https://github.com/DMTF/libspdm.git) registered for path 'SecurityPkg/DeviceSecurity/SpdmLib/libspdm'
11.84 Submodule 'UnitTestFrameworkPkg/Library/CmockaLib/cmocka' (https://github.com/tianocore/edk2-cmocka.git) registered for path 'UnitTestFrameworkPkg/Library/CmockaLib/cmocka'
11.84 Submodule 'UnitTestFrameworkPkg/Library/GoogleTestLib/googletest' (https://github.com/google/googletest.git) registered for path 'UnitTestFrameworkPkg/Library/GoogleTestLib/googletest'
11.84 Submodule 'UnitTestFrameworkPkg/Library/SubhookLib/subhook' (https://github.com/Zeex/subhook.git) registered for path 'UnitTestFrameworkPkg/Library/SubhookLib/subhook'
11.85 Cloning into '/build/edk2/ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3'...
12.52 Cloning into '/build/edk2/BaseTools/Source/C/BrotliCompress/brotli'...
16.56 Cloning into '/build/edk2/CryptoPkg/Library/MbedTlsLib/mbedtls'...
17.26 Cloning into '/build/edk2/CryptoPkg/Library/OpensslLib/openssl'...
21.67 Cloning into '/build/edk2/MdeModulePkg/Library/BrotliCustomDecompressLib/brotli'...
25.90 Cloning into '/build/edk2/MdeModulePkg/Universal/RegularExpressionDxe/oniguruma'...
26.58 Cloning into '/build/edk2/MdePkg/Library/BaseFdtLib/libfdt'...
27.03 Cloning into '/build/edk2/MdePkg/Library/MipiSysTLib/mipisyst'...
27.60 Cloning into '/build/edk2/RedfishPkg/Library/JsonLib/jansson'...
28.15 Cloning into '/build/edk2/SecurityPkg/DeviceSecurity/SpdmLib/libspdm'...
29.18 Cloning into '/build/edk2/UnitTestFrameworkPkg/Library/CmockaLib/cmocka'...
29.60 Cloning into '/build/edk2/UnitTestFrameworkPkg/Library/GoogleTestLib/googletest'...
30.23 Cloning into '/build/edk2/UnitTestFrameworkPkg/Library/SubhookLib/subhook'...
30.45 fatal: could not read Username for 'https://github.com': No such device or address
30.45 fatal: clone of 'https://github.com/Zeex/subhook.git' into submodule path '/build/edk2/UnitTestFrameworkPkg/Library/SubhookLib/subhook' failed
30.45 Failed to clone 'UnitTestFrameworkPkg/Library/SubhookLib/subhook'. Retry scheduled
30.46 Cloning into '/build/edk2/UnitTestFrameworkPkg/Library/SubhookLib/subhook'...
30.70 fatal: could not read Username for 'https://github.com': No such device or address
30.70 fatal: clone of 'https://github.com/Zeex/subhook.git' into submodule path '/build/edk2/UnitTestFrameworkPkg/Library/SubhookLib/subhook' failed
30.70 Failed to clone 'UnitTestFrameworkPkg/Library/SubhookLib/subhook' a second time, aborting
------
Dockerfile:23
--------------------
  22 |     
  23 | >>> RUN git clone --depth 1 --single-branch --branch ${EDK2_TAG} \
  24 | >>> 	--recursive --shallow-submodules https://github.com/tianocore/edk2.git
  25 |     	WORKDIR /build/edk2
--------------------
ERROR: failed to solve: process "/bin/sh -c git clone --depth 1 --single-branch --branch ${EDK2_TAG} \t--recursive --shallow-submodules https://github.com/tianocore/edk2.git" did not complete successfully: exit code: 1

@netspooky netspooky added the Awaiting author update This entry needs update from its author label Jan 28, 2025
@mebeim
Author

mebeim commented Jan 30, 2025

Hello there @netspooky, thanks for reviewing. Seems like older EDK II stable releases have a submodule that does not exist anymore as a dependency. I have updated the Dockerfile in my repository to use the tag edk2-stable202411 and I have verified everything works correctly with QEMU 9.0.0 built from source as specified in my README (for some reason current Debian 12 QEMU 7.2.15 was not working correctly, with iPXE hanging up).

Let me know if there is any other issue.

@netspooky

Thank you so much! I will test tonight. Your writeup is very helpful and well written! I appreciate that.
