• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    UEFI with Safe Boot turned on.... Help!

    Scheduled Pinned Locked Moved
    General Problems
    2
    2
    1.0k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jamartin
      last edited by jamartin

      Hello everyone,

      Setup: FOG 1.5.4
      CentOS 7
      Clonezilla Live: 20180329-artful

      I want to make it easier to image PC’s. Right now I have to go into every machine to turn off “Safe Boot” and then using the servers IP address and “ipxe.efi” via option 66 and 67 on our DHCP server I can get an associated host to image from FOG.

      If a host is not pre-associated with FOG we can still get to the FOG menu:

      0_1530901206342_19b2c0cd-a35d-4f49-8567-e44a5fc46d62-image.png

      I would like to not have to turn off secure boot every time.

      So far the only working solution which allows booting with all security turned on is Clonezilla.

      Here’s where things seem to get tricky for me. I know FOG doesn’t natively support UEFI and Safe Boot but there is a Clonezilla PXE Boot option I want to try.

      Website: https://clonezilla.org/livepxe.php

      I’ve followed the steps listed here and in another site:

      https://community.spiceworks.com/topic/352773-fog-and-uefi

      They say to copy the necessary files (initrd.img, filesystem.squashfs, vmlinuz) from the “Live” folder from the Clonezilla Live image. For ease I put them in the tftp root.

      tftp folder:

      0_1530902289282_9a51cd71-79e9-4f09-a0bb-727496734de6-image.png

      Both mention configuring the pxelinux.cfg menu “default” which I’ve done using http and tftp destinations:

      0_1530901891608_40eeb0c5-e8af-472f-874c-1a1990616bc6-image.png

      0_1530902029270_91f7bd9d-4f71-4e40-8776-3639aa15ec4e-image.png

      They say to reboot and watch the clients go but it never happens. They mention the ability to select Clonezilla from a menu but I have no idea what menu. The only menu I’ve ever seen is the one shown above which has never mentioned Clonezilla.

      If I try to run the process with Safe Boot on I always get an error from the PC:

      0_1530903402046_06f6cb6b-4e75-4897-8f22-24d5c578a6a9-image.png

      I can’t seem to get anywhere with it.

      Is there a secondary menu I’m missing that isn’t loading via FOG?

      I have also got the DHCP setup as depicted here:

      https://wiki.fogproject.org/wiki/index.php?title=BIOS_and_UEFI_Co-Existence

      on Server 2016:

      Any help would be greatly appreciated.

      Thanks.

      1 Reply Last reply Reply Quote 0
      • george1421G
        george1421 Moderator
        last edited by george1421

        The issue is that both iPXE (ipxe.efi) and the FOS linux kernel (bzImage) are not signed. So secure booting is not supported natively by the FOG Project.

        In contrast Ubuntu has a signed shim and grub kernel they use to jump start into the ubuntu linux kernel. If someone was a little skilled they could probably make iPXE and FOS boot using a similar shim.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

        1 Reply Last reply Reply Quote 0
        • 1 / 1
        • First post
          Last post

        144

        Online

        12.0k

        Users

        17.3k

        Topics

        155.2k

        Posts
        Copyright © 2012-2024 FOG Project