From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sivaramann@amiindia.co.in>
Received-SPF: None (no SPF record) identity=mailfrom; client-ip=203.199.198.232;
 helo=imsva.in.megatrends.com; envelope-from=sivaramann@amiindia.co.in;
 receiver=edk2-devel@lists.01.org 
Received: from IMSVA.IN.MEGATRENDS.COM (Webmail.amiindia.co.in
 [203.199.198.232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 9D8C0207E36B8
 for <edk2-devel@lists.01.org>; Tue, 22 May 2018 23:00:16 -0700 (PDT)
Received: from IMSVA.IN.MEGATRENDS.COM (IMSVA.IN.MEGATRENDS.COM [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id 17E1282047;
 Wed, 23 May 2018 11:34:17 +0530 (IST)
Received: from IMSVA.IN.MEGATRENDS.COM (IMSVA.IN.MEGATRENDS.COM [127.0.0.1])
 by IMSVA (Postfix) with ESMTP id 0B75B82046;
 Wed, 23 May 2018 11:34:17 +0530 (IST)
Received: from webmail.amiindia.co.in (venus2.in.megatrends.com [10.0.0.7])
 by IMSVA.IN.MEGATRENDS.COM (Postfix) with ESMTPS;
 Wed, 23 May 2018 11:34:17 +0530 (IST)
Received: from VENUS1.in.megatrends.com ([fe80::951:7975:6ecf:eae5]) by
 Venus2.in.megatrends.com ([fe80::2002:4a07:4f17:c09b%14]) with mapi id
 14.03.0248.002; Wed, 23 May 2018 11:30:10 +0530
From: Sivaraman Nainar <sivaramann@amiindia.co.in>
To: "Fu, Siyuan" <siyuan.fu@intel.com>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
Thread-Topic: reg: EDK2 - HTTP Boot Image Validation
Thread-Index: AdPuiPtKZoFx+AjgT3urlqJqNYkCywDztnigAADM/JA=
Date: Wed, 23 May 2018 06:00:08 +0000
Message-ID: <B4DE137BDB63634BAC03BD9DE765F1970216721D93@VENUS1.in.megatrends.com>
References: <B4DE137BDB63634BAC03BD9DE765F197021671F75A@VENUS1.in.megatrends.com>
 <B1FF2E9001CE9041BD10B825821D5BC58B4DBCE7@SHSMSX103.ccr.corp.intel.com>
In-Reply-To: <B1FF2E9001CE9041BD10B825821D5BC58B4DBCE7@SHSMSX103.ccr.corp.intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.0.3.97]
MIME-Version: 1.0
X-TM-AS-GCONF: 00
X-TM-AS-Product-Ver: IMSVA-9.1.0.1817-8.2.0.1013-23860.005
X-TM-AS-Result: No--11.045-5.0-31-10
X-imss-scan-details: No--11.045-5.0-31-10
X-TMASE-Version: IMSVA-9.1.0.1817-8.2.1013-23860.005
X-TMASE-Result: 10--11.045300-10.000000
X-TMASE-MatchedRID: +c13yJDs903t6o7EgHeSsU1Wvi92YKnO4SkIdSwphgZuOzObMX3aCMor
 jwBrxeHePwci7cdl7Ycww1oN3FdM+BM9Fd6tjRLjnVTWWiNp+v9bUMPBWMyETmWY8/9ecYQuXvb
 V/VnUv0ruX/km0O1YYB5hmP6OM/PJQ6tklRJO9ijAuFFGa+JUhfoA9r2LThYYKrauXd3MZDVcW8
 GEjkeDziwE8qaW++YBDLQI3lTXWCateRjzSRQbbhgHwYP9pXZtKuh/cYMizaD3gn2CHwoVSSrkJ
 okWAg6eJiepxwuKBWcinF4k4qfRx9vQudwJa1UEbiWMdLprM/mbjP55bWdtQQ4yUaTIh8Kn
X-TMASE-SNAP-Result: 1.821001.0001-0-1-12:0,22:0,33:0,34:0-0
Subject: Re: reg: EDK2 - HTTP Boot Image Validation
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Wed, 23 May 2018 06:00:17 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hello Fu Siyuan,

We can skip the header check if we know the image type. That should be enou=
gh.

-Siva
-----Original Message-----
From: Fu, Siyuan [mailto:siyuan.fu@intel.com]=20
Sent: Wednesday, May 23, 2018 11:14 AM
To: Sivaraman Nainar; edk2-devel@lists.01.org
Subject: RE: reg: EDK2 - HTTP Boot Image Validation

Hi, Siva

What do you mean by "skip the validation of image types"? Do you want to sk=
ip the "Content-type" HTTP header check, or name extension check, or both o=
f them?


BestRegards
Fu Siyuan

> -----Original Message-----
> From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of=20
> Sivaraman Nainar
> Sent: Friday, May 18, 2018 5:17 PM
> To: edk2-devel@lists.01.org
> Subject: [edk2] reg: EDK2 - HTTP Boot Image Validation
>=20
> Hello all,
> When HTTP Boot performed the code checking if the Image type as EFI=20
> ISO and IMG. If not the boot not when the content type is as
> "Content-type: text/plain".
> https://github.com/tianocore/edk2/blob/master/NetworkPkg/HttpBootDxe/H
> ttpB ootSupport.c (HttpBootCheckImageType())
>=20
> But as per RFC it described below.
> https://tools.ietf.org/html/rfc2616#section-7.2.1:
> "If and only if the media type is not given by a Content-Type field,=20
> the recipient MAY attempt to guess the media type via inspection of=20
> its content and/or the name extension(s) of the URI used to identify=20
> the resource."
> Can you please comment if this need to be addressed such a way we can=20
> skip the validation of image types.
> -Siva
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.01.org
> https://lists.01.org/mailman/listinfo/edk2-devel