We use Dnsmasq to relay the network boot service (PXE and uEFI network boot). For PXE, pxelinux.0 works. However, with uEFI, if Secure Boot is enabled, it fails. This is due to this issue:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/thread.html#11125
Dnsmasq won't be able to relay the tftp service for the uEFI netboot client. When we disable Secure Boot and use the following command to create a grubx64.efi with the tftp server embedded, for example:
grub-mkimage -C xz -O x86_64-efi -o /tftpboot/nbi_img/bootx64.efi --prefix='(tftp)/grub-efi.cfg/' -c /tmp/grub-efi.tmp/grub-header.cfg normal tftp efinet chain echo net gzio xzio linux efi_gop efi_uga png gfxterm gfxterm_background gfxterm_menu serial part_gpt part_msdos boot multiboot progress search ext2 xfs reiserfs jfs hfsplus fat ntfs configfile test sleep tr reboot halt
The contents of /tmp/grub-efi.tmp/grub-header.cfg:
.
set prefix=(tftp,192.168.120.12)/grub-efi.cfg
echo "Grub CPU and platform: $grub_cpu, $grub_platform"
echo 'Network status: '
net_ls_cards
net_ls_addr
net_ls_routes
[snipped]
.
Then the uEFI netboot client is able to get the required files (e.g. grubx64.efi and unicode.pf2) from the tftp server 192.168.120.12.
How can we do a similar thing for shim if it's signed? Is it possible to pass the tftp server to shim without recompiling and signing it?
Thank you very much.
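The reason the grub-mkimage route works only with Secure Boot off is that the image it produces carries no Authenticode signature, while shim (and the grubx64.efi that ships beside it) is signed and therefore cannot be rebuilt with a different embedded prefix. The following script is an added example, not part of the original post or of the shim/GRUB projects: it parses the PE/COFF headers of an EFI binary and reports whether the image has a certificate table (data directory index 4), which is what the firmware checks. The `build_sample_image` helper constructs a minimal, header-only PE32+ image purely so the check can be exercised offline; it is not a real bootloader, and the PKCS#7 bytes inside it are a labelled placeholder.

```python
"""Check whether a PE/COFF EFI image carries an embedded Authenticode signature.

Added example for the netboot/Secure Boot discussion above; not code from the
original post. Usage: python check_efi_signed.py /tftpboot/nbi_img/bootx64.efi
"""
import struct
import sys

# Constants from the PE/COFF specification
IMAGE_DIRECTORY_ENTRY_SECURITY = 4        # certificate table data directory
IMAGE_SUBSYSTEM_EFI_APPLICATION = 10
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002   # Authenticode PKCS#7 SignedData


def inspect_efi_image(data: bytes) -> dict:
    """Parse PE headers and report machine, subsystem and signature presence.

    Secure Boot firmware verifies the Authenticode signature referenced by the
    certificate table. An image produced by grub-mkimage has no such table, so
    it is rejected while Secure Boot is on; signed shim/grub images have one.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")

    coff = e_lfanew + 4
    machine, _nsect, _ts, _symptr, _nsym, _optsize, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20                        # COFF file header is 20 bytes
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = 108, 112     # PE32+ layout
    elif magic == PE32_MAGIC:
        ndirs_off, dirs_off = 92, 96       # PE32 layout
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    (ndirs,) = struct.unpack_from("<I", data, opt + ndirs_off)

    result = {
        "machine": machine,
        "pe32plus": magic == PE32PLUS_MAGIC,
        "efi_application": subsystem == IMAGE_SUBSYSTEM_EFI_APPLICATION,
        "signed": False,
        "cert_type": None,
        "cert_len": 0,
    }
    if ndirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return result
    entry = opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    cert_off, cert_size = struct.unpack_from("<II", data, entry)
    if cert_off == 0 or cert_size == 0:
        return result                      # no certificate table: unsigned
    # For the security directory the "VirtualAddress" field is a raw file offset.
    if cert_size < 8 or cert_off + cert_size > len(data):
        raise ValueError("certificate table points outside the file")
    dw_length, _revision, cert_type = struct.unpack_from("<IHH", data, cert_off)
    result["signed"] = (cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA
                        and 8 < dw_length <= cert_size)
    result["cert_type"] = cert_type
    result["cert_len"] = dw_length
    return result


def build_sample_image(signed: bool) -> bytes:
    """Construct a minimal header-only PE32+ EFI application for testing.

    Constructed sample, not a real bootloader: no sections, no code, and the
    certificate payload is a placeholder rather than real DER PKCS#7 data.
    """
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew
    opt = bytearray(240)                                   # PE32+ header, 16 data dirs
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 68, IMAGE_SUBSYSTEM_EFI_APPLICATION)
    struct.pack_into("<I", opt, 108, 16)                   # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 0, 0, 0, 0, len(opt), 0x0002)
    header_len = len(dos) + 4 + len(coff) + len(opt)
    cert = b""
    if signed:
        pkcs7 = b"\x30\x82\x00\x00PLACEHOLDER-PKCS7"       # placeholder, not real DER
        cert = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + pkcs7
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_sample_image(signed=False)
    info = inspect_efi_image(blob)
    print(f"{path or '<constructed sample>'}: signed={info['signed']} "
          f"efi_app={info['efi_application']} machine={info['machine']:#x}")
```

Run against the image produced by the grub-mkimage command above and it reports `signed=False`; run against a distribution shim or its signed grubx64.efi and it reports `signed=True`. This only detects the presence of a certificate table; it does not validate the signature chain against db/dbx, which is the firmware's job.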