Advice on Converting an application to EFI

[bazz]

Hi team (or individual)!

Congratulations on converting gdisk to EFI. That's awesome!

I am interested in performing a similar conversion to EFI but for SSH. I want to ask that you please relay your experiences and advice to me; having migrated a linux program to EFI yourself.

I have some general experience with EDK2/EDK and gnuefi, more so with EDK. I learned how to modify the EDK shell's System Table to provide a hook to the ReadKeyStroke function for pre-processing. In my case, to take a screenshot from anywhere in the shell.. Sadly, this stuff is only available on a private wiki.

But I'm hoping you can enlighten me on the process involved for a transition for any general commandline (Mac/Linux/*nix) program to EFI. I understand that porting SSH will require additional steps like networking, which you did not have to do. We can skip that for now (or not :).

By reading the UEFI GPT fdisk readme, I see you created a special libC, is this something I can bring into my own project? Are there any concerns / recommendations here?

I can't think of anything else to ask ATM.

Thank you so much for your support,
bazz

P.S. how would I handle the networking?? I'm a bit intimidated by the idea

[bub'soft]

Hi,

Thank you for the congratulation, converting that program to UEFI was not simple (mostly because it’s written in C++ and that library adds a lot of useless code for a simple use).

Porting SSH to UEFI looks to me like a very big challenge, what comes to my mind now is:

• I never wrote a program using network with UEFI, I can’t tell you how hard it is whatsoever, I found some explanations searching for “writing uefi network device driver” on the Internet;
• The computer will need an IP address just to listen to incoming connexions, using DHCP at this early stage will require writing a UEFI service (UEFI driver) for that (the kind of program that runs and stays in memory), or the logic for builing DHCP packets for initial lease and renewal of IP need to be in your main program. You might find examples of such a code in the various EFI toolkits but I’m so sure;
• The SSH service program itself might have to be written the same way (a UEFI driver): in a running Linux system, “sshd” is the daemon listening to incoming connexions and is written like a service that forks itself for each new session;
• You might need the Tianocore toolkit to build your project, the GNU EFI might be too simple and limited for that use: google for “uefi drivers tianocore” for more information;
• AFAIK UEFI permits only a very simple multitasking (drivers remaining in memory and receiving events while other drivers are doing the same). If UEFI SSHD is written like a normal application, your computer will only be able to serve a single session I guess;
• SSH security uses keys (DSA and/or RSA if I remember well) so these need to be stored somewhere (in the EFI System Partition would probably be the best place but my code does not do files management at all): if the keys change SSH clients usually scream to their user that someone is tampering the connexion;
• Security management to control the identity of the user connecting will also have to be written form the bottom up;
• Now when someone has successfully connected to the computer, remember there is no shell running (no OS has already been loaded) so the available commands for the interactive session will have to be interpreted by your program;
• Or maybe there is a way to fork a UEFI Shell and connect its input and output to the IP socket (like what sshd does). This I don’t know at all, and I don’t even think all computers that have UEFI BIOS have a shell anyway (the Macs probably don’t have as they use a rather old version of UEFI);

As you can see that’s a lot of questions where my knowledge is limited and I don’t know if I can help you much on your project.

Regards,