UEFI/Secure Boot issues
-
I’ve got my system set up to try and get this working, but it’s not finding the boot devices properly, I think. Below is my DHCP.conf file. I’ve made the relevant changes to mirror Option 1 in Example 1.
```
# DHCP Server Configuration file
#see /usr/share/doc/dhcp*/dhcpd.conf.sample
# This file was created by FOG

#Definition of PXE-specific options
# Code 1: Multicast IP Address of bootfile
# Code 2: UDP Port that client should monitor for MTFTP Responses
# Code 3: UDP Port that MTFTP servers are using to listen for MTFTP requests
# Code 4: Number of seconds a client must listen for activity before trying
#         to start a new MTFTP transfer
# Code 5: Number of seconds a client must listen before trying to restart
#         a MTFTP transfer
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16;

use-host-decl-names on;
ddns-update-style interim;
ignore client-updates;
authoritative;

# Specify subnet of ether device you do NOT want service.
# For systems with two or more ethernet devices.
# subnet 136.165.0.0 netmask 255.255.0.0 {}

subnet 192.168.240.0 netmask 255.255.255.0{
    option subnet-mask 255.255.255.0;
    range dynamic-bootp 192.168.240.10 192.168.240.254;
    default-lease-time 21600;
    max-lease-time 43200;
    #option routers 0.0.0.0
    next-server 192.168.240.10;

    class "UEFI-32-1" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
        filename "i386-efi/ipxe.efi";
    }
    class "UEFI-32-2" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
        filename "i386-efi/ipxe.efi";
    }
    class "UEFI-64-1" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
        filename "ipxe.efi";
    }
    class "UEFI-64-2" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
        filename "ipxe.efi";
    }
    class "UEFI-64-3" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
        filename "ipxe.efi";
    }
    class "Legacy" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
        filename "undionly.kkpxe";
    }
}
```
I’ve restarted the DHCPD service, and all FOG services. When it tries to boot over IPv4 I get
PXE-e18 Server response timeout
it then boots to Windows as normal. Please let me know what I am missing, as I want to make this work with UEFI if possible and not force myself to change all machines’ BIOS to legacy just to allow imaging. Thanks in advance.

EDIT: Forgot to mention. It’s CentOS 7 and FOG 1.4.4
-
Which device are you trying to boot?
Does it work with Secure Boot disabled?
edit: Are there other DHCP devices on the subnet?
-
@Quazz
The device is a Lenovo X1 Yoga Gen 2. There are no other devices on the subnet. I have the server physically and logically separated from all other networks/devices in my scheme. I will disable secure boot and report back.
EDIT: Secure boot disabled is letting me boot to the FOG menu now. I just need to change the MENU EXIT TYPE I think. When I chose the Boot From Hard Disk option, I got a “Chainloading” failure. I think once I get that straightened out, it will work.
EDIT 2: I changed the option FOG_EFI_BOOT_EXIT_TYPE to REFIND_EFI and it was able to boot successfully from the FOG Menu.
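
Added example, not part of the thread and not FOG or iPXE code: firmware enforcing Secure Boot verifies the signature embedded in an EFI image before running it, so a quick check on any boot file named in the dhcpd.conf above is whether it carries a signature table at all and matches the expected architecture. The function names and the sample headers are constructed for illustration; a present signature still has to chain to a key the firmware trusts.

```python
import struct

# PE machine types for the EFI builds named in the dhcpd.conf above.
MACHINES = {0x014C: "i386", 0x8664: "x86_64"}
EFI_APPLICATION = 10   # PE subsystem value for UEFI applications
CERT_TABLE_INDEX = 4   # data directory slot holding Authenticode signatures

def inspect_efi(data: bytes) -> dict:
    """Report architecture and whether a PE/COFF EFI image embeds a signature."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not a PE image (no MZ header)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    opt = pe_off + 24                      # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)   # PE32+ vs PE32 layout
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    (ndirs,) = struct.unpack_from("<I", data, dirs - 4)
    cert_off = cert_size = 0
    if ndirs > CERT_TABLE_INDEX:
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * CERT_TABLE_INDEX)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "efi_app": subsystem == EFI_APPLICATION,
        "has_signature": cert_off != 0 and cert_size != 0,
        "cert_size": cert_size,
    }

def build_sample(machine: int, cert_size: int) -> bytes:
    """Constructed PE32+ header (no real code) used only to exercise the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 68, EFI_APPLICATION)
    struct.pack_into("<I", opt, 108, 16)
    struct.pack_into("<II", opt, 112 + 8 * CERT_TABLE_INDEX, 0x400 if cert_size else 0, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for label, blob in [("unsigned", build_sample(0x8664, 0)), ("signed", build_sample(0x8664, 1448))]:
        print(label, inspect_efi(blob))
```

To check a real file, pass its bytes, for example `inspect_efi(open(path, "rb").read())`.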