From: "Fu, Siyuan"
To: Sivaraman Nainar, "edk2-devel@lists.01.org"
Date: Wed, 23 May 2018 06:15:40 +0000
Subject: Re: reg: EDK2 - HTTP Boot Image Validation
List-Id: EDK II Development

Using standardized HTTP header is high priority, you also mentioned that RFC
says "If and only if the media type is not given by a Content-Type field..."

Best Regards
Fu Siyuan

> -----Original Message-----
> From: Sivaraman Nainar [mailto:sivaramann@amiindia.co.in]
> Sent: Wednesday, May 23, 2018 2:00 PM
> To: Fu, Siyuan; edk2-devel@lists.01.org
> Subject: RE: reg: EDK2 - HTTP Boot Image Validation
>
> Hello Fu Siyuan,
>
> We can skip the header check if we know the image type. That should be
> enough.
>
> -Siva
> -----Original Message-----
> From: Fu, Siyuan [mailto:siyuan.fu@intel.com]
> Sent: Wednesday, May 23, 2018 11:14 AM
> To: Sivaraman Nainar; edk2-devel@lists.01.org
> Subject: RE: reg: EDK2 - HTTP Boot Image Validation
>
> Hi, Siva
>
> What do you mean by "skip the validation of image types"? Do you want to
> skip the "Content-type" HTTP header check, or name extension check, or
> both of them?
>
> Best Regards
> Fu Siyuan
>
> > -----Original Message-----
> > From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of
> > Sivaraman Nainar
> > Sent: Friday, May 18, 2018 5:17 PM
> > To: edk2-devel@lists.01.org
> > Subject: [edk2] reg: EDK2 - HTTP Boot Image Validation
> >
> > Hello all,
> > When HTTP Boot performed the code checking if the Image type as EFI
> > ISO and IMG. If not the boot not when the content type is as
> > "Content-type: text/plain".
> > https://github.com/tianocore/edk2/blob/master/NetworkPkg/HttpBootDxe/HttpBootSupport.c
> > (HttpBootCheckImageType())
> >
> > But as per RFC it described below.
> > https://tools.ietf.org/html/rfc2616#section-7.2.1:
> > "If and only if the media type is not given by a Content-Type field,
> > the recipient MAY attempt to guess the media type via inspection of
> > its content and/or the name extension(s) of the URI used to identify
> > the resource."
> > Can you please comment if this need to be addressed such a way we can
> > skip the validation of image types.
> > -Siva
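
The precedence rule argued over in this thread, as an added example that is not part of the original messages and is not EDK2's HttpBootCheckImageType() code: a Content-Type field that is present decides the image type, and the URI name extension is consulted only when the field is absent. The media-type strings, the extension table and all function and enum names are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

typedef enum { IMG_UNKNOWN = 0, IMG_EFI, IMG_ISO, IMG_IMG } image_type;

/* Assumed media-type and extension table (not taken from the thread). */
static const struct { const char *mime; const char *ext; image_type t; } kTypes[] = {
    { "application/efi",         ".efi", IMG_EFI },
    { "application/vnd.efi-iso", ".iso", IMG_ISO },
    { "application/vnd.efi-img", ".img", IMG_IMG },
};
#define N_TYPES (sizeof kTypes / sizeof kTypes[0])

/* Match a Content-Type value, ignoring case, leading blanks and ";params". */
static image_type from_content_type(const char *v) {
    while (*v == ' ' || *v == '\t') v++;
    size_t n = strcspn(v, "; \t");
    for (size_t i = 0; i < N_TYPES; i++)
        if (strlen(kTypes[i].mime) == n && strncasecmp(v, kTypes[i].mime, n) == 0)
            return kTypes[i].t;
    return IMG_UNKNOWN;
}

/* Match the name extension of the URI path, ignoring "?query" and "#fragment". */
static image_type from_uri_extension(const char *uri) {
    size_t n = strcspn(uri, "?#");
    for (size_t i = 0; i < N_TYPES; i++) {
        size_t e = strlen(kTypes[i].ext);
        if (n > e && strncasecmp(uri + n - e, kTypes[i].ext, e) == 0)
            return kTypes[i].t;
    }
    return IMG_UNKNOWN;
}

/* content_type is NULL when the response carried no Content-Type field.
 * RFC 2616 7.2.1: guess from the URI only in that case. A field that is
 * present decides the result, even when it names an unsupported type. */
image_type check_image_type(const char *content_type, const char *uri) {
    if (content_type != NULL)
        return from_content_type(content_type);
    return from_uri_extension(uri);
}
```

With this ordering, a server that labels a .efi file as text/plain is rejected, which is the case raised in the first message of the thread; the fix is on the server's media-type configuration rather than in the client check.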