I remplaced grubx64 by grubnetx64 (not sure if needed but was recommanded for PXE) and create a “grub” directory in tftpboot with “grub.cfg” inside.
Grub signed look for cfg file in a subdir called “grub” by default.
cp /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed /tftpboot/grubx64.efi
mkdir /tftpboot/grub
chmod -R a+rX /tftpboot/grub
I get grub menu.
update (10 am) :
I copied snponly.efi in grub directory and signed it with the FOG-MOK key I generated before.
sbsign --key /root/secureboot/FOG-MOK.key --cert /root/secureboot/FOG-MOK.crt /tftpboot/snponly.efi --output /tftpboot/grub/snponly.efi
I end with “error ; bad shim signature”.
I think I need to import the key on the computer with command “mokutil --import /chemin/vers/FOG-MOK.der”
I keep on searching…
2nd update (12:30 am):
To enroll key :
cp /usr/lib/shim/mmx64.efi.signed /tftpboot/mmx64.efi
and in tftpboot/grub/grub.cfg
menuentry 'Enroll MOK' {
insmod tftp
insmod chain
chainloader (tftp,192.168.69.10)/mmx64.efi
boot
}
menuentry 'Boot FOG (iPXE)' {
insmod efinet
insmod tftp
insmod chain
net_bootp
chainloader (tftp,192.168.69.10)/grub/snponly.efi
boot
}
Copy the .der on usb key, put it on the computer, run “Enroll from disk” in pxe grub menu.
Reboot and run “Boot FOG”…
And at least I have the FOG menu ! 😎
I think I’m in the right way. 😅
Let’s keep on working.