Quantcast
Channel: iPXE discussion forum - All Forums
Viewing all 1484 articles
Browse latest View live

ipxe writing in a UEFI variable

November 9, 2018, 5:55 am
$
0
0
Hi,

we trying to secure our network boot environment with UEFI secure boot. Because of that we put kernel, initrd and cmdlin in one big file with objcopy. Therefore we can't use ipxe for dynamically fill up some cmdline parameter, for example ip=${net0/ip}

Is there a way to write the value of ip=${net0/ip} in a UEFI variable, so that during boot the client don't have to do another DHCP handshake?
Search

iPXE function

November 8, 2018, 11:37 pm
$
0
0
Hello
Please excuse my naivety as I ask questions about iPXE software I know very little about.
May I ask whether the default configuration is a iPXE CD is needed to first to boot a computer? Or are iPXE files saved to the server?

I have a Thecus NAS which is running a 3rd party PXE mod. Therefore there is now a TFTP folder for me to load all the files I need to deploy Windows across my network using wimboot eventually. However following the instructions has lead to me to think I would have to boot with a iPXE CD every time.

Richard

UEFI Boot Looping While Initializing Devices

November 9, 2018, 12:56 pm
$
0
0
Hello,

I am running a test server, attempting to boot both BIOS and EFI clients. My test client is a Dell Optiplex 9010. I can serve and boot to undionly.kpxe exactly as expected, but, when I boot to any of the efi binaries that I'm aware of (ipxe.efi, snponly.efi, realtek.efi, snp.efi), it fails.

With all of the above mentioned except realtek.efi, the boot hangs at "iPXE initializing devices" with iPXE attempting and failing to start NII and SNP drivers in an infinite loop, as shown in the included picture. When searching for answers for this, I find a somewhat related post here: http://forum.ipxe.org/showthread.php?tid=7877.

When I boot with the realtek binary, it immediately loads and displays the Ctrl-B prompt reports "No network devices" and sends me back to the boot menu.

Thanks for your time,
real

Official github repository

November 12, 2018, 9:49 am
$
0
0
Could a core developer please confirm that the official github mirror is https://github.com/ipxe/ipxe?

I tried looking for that info in the forums and main site, but couldn't find it. Perhaps it would make sense to add it to the FAQ or Download tabs of ipxe.org.

Thanks.

Special characters in cmdline

November 19, 2018, 12:53 am
$
0
0
Hi,

I am trying to load a module whose command line contains "&&". Unfortunately, I could not find a way to convince iPXE to just pass this cmdline, instead it interprets the ampersands as part of the script. Is there any way to work around that, something like escape characters?

If I enclose the entire command line in quotes, it also does not work, because then those quotes are actually part of the cmdline, which confuses the module.

Any help is appreciated Smile
parthy

iSCSI hook and IOMMU

November 19, 2018, 5:38 am
$
0
0
I've observed issues when using iSCSI sanhook in conjunction with the IOMMU. When the loaded kernel enables the IOMMU, the traffic caused by the iSCSI hook eventually causes DMA faults, because the NIC uses DMA regions that are not registered anywhere.

Since iPXE acts like a kind of firmware in this case, shouldn't it register the NIC and corresponding memory regions in the RMRRs?

Current state of SecureBoot support

November 19, 2018, 6:19 am
$
0
0
Can someone enlighten me regarding the current state of secure-boot support in iPXE?

I need to boot clonezilla from the network with SB enabled on the machine (to be more specific, I don't care for security, I only need SB to test software on Windows on that machine). With SB enabled in firmware ("BIOS") setup, clonezilla (alternative-stable-amd64, version 20180812) boots from a flash drive, and iPXE loads and shows menu from the network. But trying to boot the same clonezilla version from iPXE results in error 0x7f04818f.
What am I missing?

EDIT: After googling around a bit, I've come with the following understanding:
  • Since the machine is in stock configuration, its firmware will only accept boot images signed with MS key.
  • The reason booting from a flash drive works is because the shim that is loaded is signed by the above, but the kernel itself (and initrd, presumably) is not, and iPXE tries to load these directly.
  • Ubuntu's SB implementation uses the shim to verify Canonical's signature on the kernel.

From here, I would try to check what signature is on the clonezilla-alt kernel (Maybe canonical's? Maybe not..), and add keys for those into the firmware DB. Or is there another, simpler way? (I'd like to avoid rolling my own CA and having to sign everything.)

pxelinux.0 EFI equivalent? Booting to menus for EFI-clients

November 2, 2018, 7:26 am
$
0
0
Hello! I'm having some trouble booting to menus with my EFI-clients. I'm new to EFI and can't figure out how to adapt my current setup.

Running on CentOS 7.5 using latest syslinux and iPXE.

I embedded this script and compiled the ipxe.efi:
Code:
#!ipxe

dhcp
chain http://10.0.0.3/boot.php

Relevant config for isc-dhcp-server. I have activated all of the "option space ipxe" options:
Code:
#EFI 32 & 64bit
class "UEFI-32-1" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
    filename "gpxe/ipexe.efi";
  }

  class "UEFI-64-1" {
    match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
    filename "gpxe/ipxe.efi";
  }

#BIOS
  if not exists ipxe.bus-id {
    filename "gpxe/undionly.kpxe";
  } else {
    filename "http://10.0.0.3/boot.php";
  }

The boot.php chains boot2.php to match the MAC-address with mysql and decide to either sanboot, load the default menu or load the menu to restore/capture an image:
PHP Code:
<?php
echo "#!ipxe\n";
echo "chain ".
"http://".$_SERVER["SERVER_NAME"].
dirname$_SERVER["REQUEST_URI"] ).
"boot2.php?mac=\${net0/mac}\n";
?>
boot2.php:
PHP Code:
--snip--

if($restore->num_rows 0){
        echo "#!ipxe\n";
        echo "set 209:string http://10.0.0.3/boot/pxelinux.cfg/restore\n";
        echo "set 210:string http://10.0.0.3/boot/\n";
        echo "chain http://10.0.0.3/boot/pxelinux.0\n";
}


if($sanboot->num_rows == '0' && $restore->num_rows == '0' ){
        echo "#!ipxe\n";
        echo "set 209:string http://10.0.0.3/boot/pxelinux.cfg/default\n";
        echo "set 210:string http://10.0.0.3/boot/\n";
        echo "chain http://10.0.0.3/boot/pxelinux.0\n";


This works perfectly with BIOS-clients, but obviously not with EFI-clients.

I made a test menu as per the wiki:

Code:
menu
  item linux    Boot Linux
  item shell    Enter iPXE shell
  item exit     Exit to BIOS
  choose --default exit --timeout 3000 target && goto ${target}

Trying this makes the VM crash:

PHP Code:
if($sanboot->num_rows == '0' && $restore->num_rows == '0' ){
        echo "#!ipxe\n";
        echo "set 209:string http://10.0.0.3/boot/pxelinux.cfg/default.efi\n";
        echo "set 210:string http://10.0.0.3/boot/\n";
        echo "chain http://10.0.0.3/boot/syslinux.efi\n";


This results in error 2e008081:

PHP Code:
if($boot->num_rows == '0' && $restore->num_rows == '0' ){
        echo "#!ipxe\n";
        echo "set 209:string http://10.0.0.3/boot/pxelinux.cfg/default.efi\n";
        echo "set 210:string http://10.0.0.3/boot/\n";
        echo "chain http://10.0.0.3/boot/ldlinux.c32\n";


So i think biggest problem is I can't figure out how to boot to menus for EFI-clients.

This works ok, but results in kernel panic I guess because it does not use the bootx64.efi:

PHP Code:
if($sanboot->num_rows == '0' && $restore->num_rows == '0' ){
        echo "#!ipxe\n";
        echo "kernel http://10.0.0.3/boot/linux/clonezilla/vmlinuz\n";
        echo "initrd http://10.0.0.3/boot/linux/clonezilla/initrd.img boot=live hostname=oneiric config quiet noswap nolocales edd=on nomodeset ocs_live_run='ocs-live-general' ocs_live_extra_param='' keyboard-layouts='SE' ocs_live_batch='no' ocs_lang='' video=uvesafb:mode_option=640x480-16 ip=frommedia  fetch=http://10.0.0.3/boot/linux/clonezilla/filesystem.squashfs\n";
        echo "boot\n";


I bet it's something really basic, but I don't know what to do.

Thanks!
Search

When I customize it with IPXE, PCBIOS can boot, but UEFI still keep bootlogo

November 12, 2018, 2:05 am
$
0
0
When I customize it with IPXE, PCBIOS can boot, but UEFI loaded bootx64.efi then still keep bootlogo, i don't know what to do

iPXE efi to chainboot

November 19, 2018, 9:22 am
$
0
0
So, ultimately I'm trying to get a Macbook Pro to download a windows image from my custom DHCP/TFTP server. I can distinguish macs, and get them to download a file to boot from. Downloading the windows bootloader EFI directly isn't working, so tried grubnetx64.efi and now ipxe.


So, I created an efi using the steps here:
https://doc.rogerwhittaker.org.uk/ipxe-i...n-and-EFI/

make bin-x86_64-efi/ipxe.efi EMBED=chain.ipxe

where chain.ipxe is defined as below to force it to use TFTP rather than HTTP, based on information here:
http://reboot.pro/topic/19414-chainload-winpe-pxe-uefi/

#!ipxe

dhcp
set next-server 10.100.1.2
chain tftp://$(next-server)/bootx64.efi



I can serve the ipxe.efi file I compiled jsut fine, but things pretty much just stop there.

it says

"iPXE initializing devices... ok

iPXE 1.0.0+(133f)
...
Features: DNS HTTP iSCSI TFTP SRP AoE EFI Menu"

and then just stops. Wireshark shows no network messages subsequent top the TFTP download of ipxe.efi, DHCP or otherwise, so clearly hasn't started running the script.


(as an aside, this is similar to what grubnetx64.efi was downing.. download the base bit, then broke into a shell instead of trying to download the menu conf file, etc.)


Any suggestions?

Flashing Yocto Image using iPXE

November 21, 2018, 10:59 pm
$
0
0
Hi Guys,

How can i flash an hddimg or .wic yocto image over iPXE

Here is what I got working

The intel machine (Apollo lake SoC) gets it's ip over DHCP Server , loads ipxe.efi and then the test script (test.ipxe)

#!ipxe
echo test
kernel bzImage
initrd initrd
imgargs bzImage rw root=/dev/ram0 initrd=initrd
boot

Which loads the bzImage and initrd and then boots, it is working fine till here.

How can I transfer a dd image and flash it using dd command, is this possible using ipxe

iPXE esxi 6.7.0 EFI roms

November 28, 2018, 8:24 pm
$
0
0
iPXE EFI IPv6 purist alert !

However, I simply cannot get any other rom than the Intel e1000e aka "808610d3.mrom" (BIOS version) to work on esxi 6.7.0.

My madness having been contested numerous times as follows:

1. Download source:
Code:
cd /usr/src
git clone git://git.ipxe.org/ipxe.git
cd ipxe/src
apt-get install liblzma-dev (**requirement**)

2. Ajust src/config/general.h
Code:
Amend:    
    #define NET_PROTO_IPV6
    #define DOWNLOAD_PROTO_HTTPS
Uncomment:
    #define    CONSOLE_CMD
    #define    NTP_CMD

3. Build / make roms (all efi flavours Big Grin)
Code:
make bin-x86_64-efi/15ad07b0.efirom bin-x86_64-efi/808610d3.efirom bin-x86_64-efi/8086100f.efirom bin-x86_64-efi/10222000.efirom

make bin-x86_64-efi/15ad07b0.efi bin-x86_64-efi/808610d3.efi bin-x86_64-efi/8086100f.efi bin-x86_64-efi/10222000.efi

4. Copy roms to esxi under /vmfs/volumes/datastore1/roms/

5. Edit .vmx of particular VM to reference .efiroms:
Code:
ethernet0.opromsize = 262144
e1000bios.filename = "/vmfs/volumes/datastore1/roms/8086100f.efirom"
e1000ebios.filename = "/vmfs/volumes/datastore1/roms/808610d3.efirom"
nbios.filename = "/vmfs/volumes/datastore1/roms/10222000.efirom"
# nxbios.filename = ""
nx3bios.filename = "/vmfs/volumes/datastore1/roms/15ad07b0.efirom"

6. Set VM to boot EFI & cycle through the NIC options (being only e1000e & VMX3NET)

- no IPXE Confused

7. Set VM to boot BIOS & cycle through the NIC optios (being only e1000e & VMX3NET) I know, I know. Just making sure it's not me ...

- no IPXE

8. Adjust .vmx of particular VM to .efis:
Code:
ethernet0.opromsize = 262144
e1000bios.filename = "/vmfs/volumes/datastore1/roms/8086100f.efi"
e1000ebios.filename = "/vmfs/volumes/datastore1/roms/808610d3.efi"
nbios.filename = "/vmfs/volumes/datastore1/roms/10222000.efi"
# nxbios.filename = ""
nx3bios.filename = "/vmfs/volumes/datastore1/roms/15ad07b0.efi"

9. Set VM to boot EFI & cycle through the NIC options (being only e1000e & VMX3NET)

- no IPXE Dodgy

10. Set VM to boot BIOS & cycle through the NIC options (being only e1000e & VMX3NET) - I know... another level of madness ...

- no IPXE

11. As a "madness level" checker, I did a "make vmware" for the BIOS versions. Copy BIOS roms to esxi. Adjust .vmx. Try all the driver and firmware options...

... and ONLY the Intel e1000e boots displaying "iPXE (PCI 03:00.0)" as a boot option and actually boots a working iPXE 1.0.0+ (133f) with DHCP6 support

What am I doing wrong .... ? Huh

Boot a FC volume using IPXE

November 28, 2018, 11:31 pm
$
0
0
Hello, I have a FC volume(this volume has OS written onto it) created on the SAN and I've attached to a Server(Baremetal). Now i want to boot that volume using IPXE. I know that using sanhook we can boot ISCSI volume. From this "https://ipxe.org/sanuri" link i found that we can use fcp i.e fibre channel protocol and boot the FC volume.

When I tried it

#!ipxe

sanhook --driver 0x80 fcp:10:00:70:10:6F:76:FC:32:0001

I'm getting this error: "Could not open SAN device: Error 0x3f142083 (http://ipxe.org/3f142083)"

Any suggestions?

Problems booting/installing Win 10 from 2016 WDS using iPXE

November 29, 2018, 2:09 pm
$
0
0
Hello,

I'm been having trouble PXE booting/installing Windows 10 images inside of RHEL 7.4 KVM VMs. After going through an exhaustive trouble-shooting process, I believe I've found a compatibility issue between RHEL's KVM VM boot loader, iPXE v1.0.0+, and my Server 2016 WDS system.

The breakthrough in my testing involved attempting to PXE boot/install to a bare metal system (which normally works just fine) using the iPXE boot disk (http://ipxe.org/download), the boot fails in the exact same way as it does within the RHEL KVM VM environment.

To get my iPXE 1.0.0+ systems to boot/install from the WDS server, I have to type in:

iPXE> chain tftp://172.16.0.1/boot\\x86\\wdsnbp.com

Does anyone know if there's a compatibility issue between iPXE v1.0.0+ and WDS? Does anyone know of a workaround for this issue? I'd prefer to be able to boot iPXE 1.0.0+ systems without any user intervention.

Thanks!

Rob
Niceville, FL

iPXE over IPv6 implementation notes

December 6, 2018, 6:09 am
$
0
0
Trying to implement chainloading of iPXE over IPv6 as to eliminate TFTP and IPv4 for use on a fleet of NUC7CJYH's has been an horrifying experience. The solution is far from complete, yet I list some key aspects I wish I knew and hope others may elaborate or comment on in favour of newcomers:

1. Router Advertisement:

- "Managed" or "Assisted"
- "Stateless" ... tends to be iffy ...

2. IETF RFC 5970 - HTTP & TFTP URL DHCPv6 option 59:

- Forget it ! Hardware vendor's UEFI IPv6 implementations does NOT as yet support the HTTP protocol. (No http://)
- Only TFTP protocol is supported ( tftp:// )

3. IPv6 addresses

- iPXE does not like Link-Local addresses (fe80::1)
- IPv6 addresses HAS to be prefixed

4. pfsense ISC DHCP

- Simply does not present DHCPv6 options (ie boot-file url option 59) to PXE clients
- Implementing ISC DHCP or DNSMASQ on a VM, works

5. NUC freezes at "iPXE initialising devices..." when using:

- ipxe.efi
- realtek.efi

6. NUC "works" (intermittendly) with ...

- snponly.efi

7. Random issues to expect...

- Blackscreen after selecting IPv6 UEFI boot
- Acquires IPv6, yet doesn't acquire boot-file (via TFTP)
- Freezes at "iPXE initialising devices..."

The only reasonable resolution has been to EMBED the location of the "menu" (where file is located) whilst compiling ipxe.efi (133f) with only IPv6 support. Then having IPv4 & TFTP "serve" the ipxe.efi as a boot-file, which, on loading connects via IPv6 to the "menu" location.

It's smooth. It's reliable. It works.

IPv4 and TFTP unfortunately remains part of the solution .. for now...
Search

UEFI booting linux, initramfs not loaded?

December 5, 2018, 2:31 pm
$
0
0
I've been trying to boot the newer Dell computers with UEFI, given they no longer support the BIOS boot method from hard drive, and you need to boot UEFI to install Ubuntu as UEFI.

I've set up the Ubuntu 16.04 LTS installer, I boot the computer on UEFI and boot iPXE. I select the menu entry for installing Ubuntu 16.04, and the screen shows the kernel downloading and the initrd downloading:
[Image: 7cvgy0Il.jpg]

From there, the kernel boots, and almost immediately shows the error that it cannot open root device "nfs":
[Image: FUDCzCM.jpg]

The ipxe code to do this,
Code:
set nfs_path /home/netboot/images
set nfs_file nfs://${nfs_ip}${nfs_path}
set ubuntu_path ori-xenial
kernel ${nfs_file}/${ubuntu_path}/install/hwe-netboot/ubuntu-installer/amd64/linux-ori
initrd ${nfs_file}/${ubuntu_path}/install/hwe-netboot/ubuntu-installer/amd64/initrd-ori
iseq ${enable-debug} true && set additional-args DEBCONF_DEBUG=developer ||
imgargs linux-ori root=/dev/nfs hostname=netboot-inst url=tftp://${nfs_ip}/${ubuntu_path}/preseed/optimus.seed file=preseed/optimus.seed auto=true boot=casper netboot=nfs nfsrootdebug nfsroot=${nfs_ip}:${nfs_path}/${ubuntu_path} tftppath=${ubuntu_path} ip=dhcp ${additional-args} break=top BOOT_DEBUG=3 debug -- || goto boot_err

... and when I boot this on BIOS boot method, I hit the break at the top of the init script. When I boot this on UEFI, I get that the root device NFS does not exist.

It feels like NIC drivers, so I compiled the e1000e driver into the Ubuntu kernel and tried booting... only to get the same error again. At that point, it still felt like it wasn't loading the initramfs, so I did what any experimental person would do: I compiled the initramfs into the kernel, yielding a 200MB bzimage. I edited the menu,
Code:
kernel ${nfs_file}/${ubuntu_path}/install/hwe-netboot/ubuntu-installer/amd64/linux-allinone
#initrd ...
and booted. I hit the breakpoint at the top of the init script.

It seems like the initramfs as loaded by ipxe isn't being used specifically in UEFI boot mode. Perhaps it's being loaded to an incorrect area. Does anyone have input here?

iPXE over WiFi // 12-2018 Any Update?

December 8, 2018, 6:37 pm
$
0
0
Hi,

My name is Michael. I was trying to research a way to boot a wireless laptop to a PXE WDS server.

Not just a single wireless laptop, any.

I'm not much of a unix guru and I know this iPXE program uses a fair bit of it to compile, but I fail to see how it works, despite glancing over the documentation.

Lets say that I happen to have a driver pack like 'Snappy Driver Installer' that holds a lot of generic WiFi drivers, and that if I were to make a thumb drive that loads an iPXE that detects what WiFi card is in a device and pulls that file from the driver pack...

How could I accomplish that?

I'm trying to avoid having to use a USB to Ethernet adapter, because the next step would be to try and get tablets and phones to work with other deployment methods... however there's not much documentation on people even trying to do this over WiFi except with SCCM. I'm not using a domain or active directory so that idea is no bueno.

Figured that in 12/2018 that somebody would've had something that could do all of this but perhaps the right initiative isn't there yet.

Google searching for this has been pretty limited.

- Michael

wimboot appears to be causing a runtime error in app

December 12, 2018, 9:32 am
$
0
0
hi
I've been poking at ipxe and wimboot as an alternative to wds and other pxe setups.

I have a PE image booting successfully. Which is great. I love the way that additional files can be injected into the wim image by specifying the files and location in the config file. And it works great too :-)

However. The .exe that I am attempting to run (which gives me a menu system) throws a MS Visual c++ Runtime error - R6034.

This error occurs if I manually copy the .exe into the PE session or if I use a script file to copy the file in.

If I use the same .wim file with wds then I don't get the error and the .exe runs fine.

As far as I can tell the only difference in the process is wimboot.

I've looked at tweaking the registry keys as per some of the other posts but the .exe still errors. Not sure if this tweaking should happen before wpeinit?

Anyone seen this issue before or any suggestions what / where to prod further?

Jamie

[tls] received overlength Handshake - GoDaddy certs

December 14, 2018, 6:33 am
$
0
0
Hey,

we are using iPXE to chainload from HTTPS which works fine in most cases but fails with GoDaddy certificates.

Steps to reproduce:
  • clone latest ipxe git repo
  • enable DOWNLOAD_PROTO_HTTPS in general.h and maybe adjust other other defines for your needs
  • Download GoDaddy CA and intermediate cert: https://certs.godaddy.com/repository/gdroot-g2.crt and https://certs.godaddy.com/repository/gdig2.crt.pem
  • embedded script:
    Code:
    #!ipxe
    dhcp
    chain https://www.godaddy.com/
    (I know there is nothing to chainload there but it's just an example for a domain using a GoDaddy cert)
  • make bin/undionly.kpxe EMBED=chain DEBUG=tls TRUST=/path/to/gdroot-g2.crt,/path/to/gdig2.crt.pem

Now booting this fails with "Invalid argument (http://ipxe.org/1c0de802)". When disabling some of the debug dump output (src/net/tls.c line 1810) I see the last message to show TLS ... received overlength Handshake.

If I comment/skip the "return -EINVAL_HANDSHAKE" in line 1811 it proceeds but fails on TLS ... overlength certificate (src/net/tls.c line 1591)this time.

Seems like len/remaining variable is set to 4096 (iob_len) and that truncates the long (5286 bytes) SSL handshake record / certificate.

I have looked through the code a bit but I am afraid I will break things when I play with io buffer length stuff. Anyone an idea?

Thanks in advance,
Sebastian

Can iPXE UEFI mode via USB key

December 15, 2018, 2:44 am
$
0
0
i am trying to conect but really dont know how to connect this hower even i am not sure they are supporting usb key or not

as i realze that it may be connect but when i am trying to connect its get failed
Viewing all 1484 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>