diff options
| author | Tom Rini <trini@konsulko.com> | 2018-12-03 17:52:40 -0500 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2018-12-03 17:52:40 -0500 |
| commit | f388e3bed7318efe97058b673801dda6f563d319 (patch) | |
| tree | ed391f6b8cfad1bc53dabeb7239ffcc716a8ca4e /doc | |
| parent | ec0d0d8742df12a4c0d3e8382b77c0672cd4aab6 (diff) | |
| parent | 1a82b3413cb577cd52cf8a1dc22dd306e4ce0772 (diff) | |
Merge tag 'signed-efi-next' of git://github.com/agraf/u-boot
Patch queue for efi - 2018-12-03
This release is fully packed with lots of glorious improvements in UEFI
land again!
- Make PE images more standards compliant
- Improve sandbox support
- Improve correctness
- Fix RISC-V execution on virt model
- Honor board defined top of ram (fixes a few boards)
- Imply DM USB access when distro boot is available
- Code cleanups
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/README.iscsi | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/doc/README.iscsi b/doc/README.iscsi index faee636264..3a12438f90 100644 --- a/doc/README.iscsi +++ b/doc/README.iscsi @@ -1,8 +1,6 @@ -iSCSI booting with U-Boot and iPXE -================================== +# iSCSI booting with U-Boot and iPXE -Motivation ----------- +## Motivation U-Boot has only a reduced set of supported network protocols. The focus for network booting has been on UDP based protocols. A TCP stack and HTTP support @@ -41,8 +39,7 @@ fine grained control of the boot process and can provide a command shell. iPXE can be built as an EFI application (named snp.efi) which can be loaded and run by U-Boot. -Boot sequence -------------- +## Boot sequence U-Boot loads the EFI application iPXE snp.efi using the bootefi command. This application has network access via the simple network protocol offered by @@ -106,19 +103,16 @@ the EFI stub Linux is called as an EFI application:: | | | ~ ~ ~ ~| -Security --------- +## Security The iSCSI protocol is not encrypted. The traffic could be secured using IPsec but neither U-Boot nor iPXE does support this. So we should at least separate the iSCSI traffic from all other network traffic. This can be achieved using a virtual local area network (VLAN). -Configuration -------------- +## Configuration -iPXE -^^^^ +### iPXE For running iPXE on arm64 the bin-arm64-efi/snp.efi build target is needed:: @@ -157,9 +151,20 @@ following into src/config/local/general.h is sufficient for most use cases:: #define DOWNLOAD_PROTO_NFS /* Network File System Protocol */ #define DOWNLOAD_PROTO_FILE /* Local file system access */ -Links ------ +### Open-iSCSI + +When the root file system is on an iSCSI drive you should disable pings and set +the replacement timer to a high value [3]: + + node.conn[0].timeo.noop_out_interval = 0 + node.conn[0].timeo.noop_out_timeout = 0 + node.session.timeo.replacement_timeout = 86400 + +## Links * [1](https://ipxe.org) https://ipxe.org - iPXE open source boot firmware * [2](https://www.gnu.org/software/grub/) https://www.gnu.org/software/grub/ - - GNU GRUB (Grand Unified Bootloader) + GNU GRUB (Grand Unified Bootloader) +* [3](https://github.com/open-iscsi/open-iscsi/blob/master/README) + https://github.com/open-iscsi/open-iscsi/blob/master/README - + Open-iSCSI README |