From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <siyuan.fu@intel.com>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=134.134.136.126; helo=mga18.intel.com;
 envelope-from=siyuan.fu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id D8854203BBBBD
 for <edk2-devel@lists.01.org>; Tue, 22 May 2018 23:16:00 -0700 (PDT)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga004.fm.intel.com ([10.253.24.48])
 by orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 22 May 2018 23:16:00 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.49,432,1520924400"; d="scan'208";a="56800974"
Received: from fmsmsx103.amr.corp.intel.com ([10.18.124.201])
 by fmsmga004.fm.intel.com with ESMTP; 22 May 2018 23:15:59 -0700
Received: from fmsmsx113.amr.corp.intel.com (10.18.116.7) by
 FMSMSX103.amr.corp.intel.com (10.18.124.201) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Tue, 22 May 2018 23:15:59 -0700
Received: from shsmsx102.ccr.corp.intel.com (10.239.4.154) by
 FMSMSX113.amr.corp.intel.com (10.18.116.7) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Tue, 22 May 2018 23:15:59 -0700
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.210]) by
 shsmsx102.ccr.corp.intel.com ([169.254.2.79]) with mapi id 14.03.0319.002;
 Wed, 23 May 2018 14:15:40 +0800
From: "Fu, Siyuan" <siyuan.fu@intel.com>
To: Sivaraman Nainar <sivaramann@amiindia.co.in>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
Thread-Topic: reg: EDK2 - HTTP Boot Image Validation
Thread-Index: AdPuiPtKZoFx+AjgT3urlqJqNYkCywDztnigAADM/JAAAI/ywA==
Date: Wed, 23 May 2018 06:15:40 +0000
Message-ID: <B1FF2E9001CE9041BD10B825821D5BC58B4DBE3F@SHSMSX103.ccr.corp.intel.com>
References: <B4DE137BDB63634BAC03BD9DE765F197021671F75A@VENUS1.in.megatrends.com>
 <B1FF2E9001CE9041BD10B825821D5BC58B4DBCE7@SHSMSX103.ccr.corp.intel.com>
 <B4DE137BDB63634BAC03BD9DE765F1970216721D93@VENUS1.in.megatrends.com>
In-Reply-To: <B4DE137BDB63634BAC03BD9DE765F1970216721D93@VENUS1.in.megatrends.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ctpclassification: CTP_NT
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODA3ZDFiYTYtYzgzOC00MzdkLTk1MGMtM2Y1OTAzZmRlMDZhIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiOTE0bU1wUUJKUmRSTFlTWjZLQWN3UGg4N1phZUJKVk1aYnYrbjJWdU96d1owVWdRTFAwQVJqMytBZ29xb1RlSiJ9
dlp-product: dlpe-windows
dlp-version: 11.0.200.100
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: reg: EDK2 - HTTP Boot Image Validation
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2018 06:16:01 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Using standardized HTTP header is high priority, you also mentioned that RF=
C says " If and only if the media type is not given by a Content-Type field=
..."

BestRegards
Fu Siyuan


> -----Original Message-----
> From: Sivaraman Nainar [mailto:sivaramann@amiindia.co.in]
> Sent: Wednesday, May 23, 2018 2:00 PM
> To: Fu, Siyuan <siyuan.fu@intel.com>; edk2-devel@lists.01.org
> Subject: RE: reg: EDK2 - HTTP Boot Image Validation
>=20
> Hello Fu Siyuan,
>=20
> We can skip the header check if we know the image type. That should be
> enough.
>=20
> -Siva
> -----Original Message-----
> From: Fu, Siyuan [mailto:siyuan.fu@intel.com]
> Sent: Wednesday, May 23, 2018 11:14 AM
> To: Sivaraman Nainar; edk2-devel@lists.01.org
> Subject: RE: reg: EDK2 - HTTP Boot Image Validation
>=20
> Hi, Siva
>=20
> What do you mean by "skip the validation of image types"? Do you want to
> skip the "Content-type" HTTP header check, or name extension check, or
> both of them?
>=20
>=20
> BestRegards
> Fu Siyuan
>=20
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> > Sivaraman Nainar
> > Sent: Friday, May 18, 2018 5:17 PM
> > To: edk2-devel@lists.01.org
> > Subject: [edk2] reg: EDK2 - HTTP Boot Image Validation
> >
> > Hello all,
> > When HTTP Boot performed the code checking if the Image type as EFI
> > ISO and IMG. If not the boot not when the content type is as
> > "Content-type: text/plain".
> > https://github.com/tianocore/edk2/blob/master/NetworkPkg/HttpBootDxe/H
> > ttpB ootSupport.c (HttpBootCheckImageType())
> >
> > But as per RFC it described below.
> > https://tools.ietf.org/html/rfc2616#section-7.2.1:
> > "If and only if the media type is not given by a Content-Type field,
> > the recipient MAY attempt to guess the media type via inspection of
> > its content and/or the name extension(s) of the URI used to identify
> > the resource."
> > Can you please comment if this need to be addressed such a way we can
> > skip the validation of image types.
> > -Siva
> > _______________________________________________
> > edk2-devel mailing list
> > edk2-devel@lists.01.org
> > https://lists.01.org/mailman/listinfo/edk2-devel