UEFI/Secure Boot issues



  • I’ve got my system set up to try and get this working, but it’s not finding the boot devices properly I think. Below is my DHCP.conf file. I’ve made the relevant changes to mirror Option 1 in Example 1.

    # DHCP Server Configuration file
    # see /usr/share/doc/dhcp*/dhcpd.conf.sample
    # This file was created by FOG
    #Definition of PXE-specific options
    # Code 1: Multicast IP Address of bootfile
    # Code 2: UDP Port that client should monitor for MTFTP Responses
    # Code 3: UDP Port that MTFTP servers are using to listen for MTFTP requests
    # Code 4: Number of seconds a client must listen for activity before trying
    #         to start a new MTFTP transfer
    # Code 5: Number of seconds a client must listen before trying to restart
    #         a MTFTP transfer
    option space PXE;
    option PXE.mtftp-ip code 1 = ip-address;
    option PXE.mtftp-cport code 2 = unsigned integer 16;
    option PXE.mtftp-sport code 3 = unsigned integer 16;
    option PXE.mtftp-tmout code 4 = unsigned integer 8;
    option PXE.mtftp-delay code 5 = unsigned integer 8;
    option arch code 93 = unsigned integer 16;
    use-host-decl-names on;
    ddns-update-style interim;
    ignore client-updates;
    authoritative;
    # Specify subnet of ether device you do NOT want service.
    # For systems with two or more ethernet devices.
    # subnet 136.165.0.0 netmask 255.255.0.0 {}
    subnet 192.168.240.0 netmask 255.255.255.0{
        option subnet-mask 255.255.255.0;
        range dynamic-bootp 192.168.240.10 192.168.240.254;
        default-lease-time 21600;
        max-lease-time 43200;
        #option routers 0.0.0.0
        next-server 192.168.240.10;
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }

        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }

        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }

        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }

        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }

        class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
    
    }
    

    I’ve restarted the DHCPD service, and all FOG services. When it tries to boot over IPv4 I get PXE-E18 Server response timeout, and it then boots to Windows as normal. Please let me know what I am missing, as I want to make this work with UEFI if possible and not force myself to change all machines’ BIOS to legacy just to allow imaging. Thanks in advance.

    EDIT: Forgot to mention. It’s CentOS 7 and FOG 1.4.4



  • @Quazz
    The device is a Lenovo X1 Yoga Gen 2.

    There are no other devices on the subnet. I have the server physically and logically separated from all other networks/devices in my scheme. I will disable secure boot and report back.

    EDIT: Secure boot disabled is letting me boot to the FOG menu now. I just need to change the MENU EXIT TYPE I think. When I chose the Boot From Hard Disk option, I got a “Chainloading” failure. I think once I get that straightened out, it will work.

    EDIT 2: I changed the option FOG_EFI_BOOT_EXIT_TYPE to REFIND_EFI and it was able to boot successfully from the FOG Menu.
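
Secure Boot firmware refuses EFI binaries that lack a signature it trusts, one possible reason a network boot works only with Secure Boot disabled. As an added example (not from the thread or the FOG Project), this Python check reports whether an EFI binary such as the one named in the `filename` directives carries an embedded Authenticode certificate table at all; the function names and the sample image are constructed for illustration, and a present signature still does not mean the firmware trusts the signer.

```python
import struct

# Added example; names here are illustrative, not FOG or iPXE code.
CERT_DIR_INDEX = 4  # "Certificate Table" slot in the PE data directory

def authenticode_table(image: bytes):
    """Return (file_offset, size) of the PE certificate table, or None if unsigned."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE/EFI image (missing MZ header)")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                      # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic == 0x10B:                     # PE32 (32-bit EFI)
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                   # PE32+ (64-bit EFI)
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (count,) = struct.unpack_from("<I", image, count_off)
    if count <= CERT_DIR_INDEX:
        return None                        # directory has no certificate slot
    offset, size = struct.unpack_from("<II", image, dirs_off + 8 * CERT_DIR_INDEX)
    if offset == 0 or size == 0:
        return None                        # slot present but empty: unsigned
    if offset + size > len(image):
        raise ValueError("certificate table points past end of file")
    return offset, size

def sample_image(signed: bool) -> bytes:
    """Constructed minimal PE32+ header, just enough for the parser (not bootable)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt = bytearray(112 + 16 * 8)                          # header + 16 directories
    struct.pack_into("<H", opt, 0, 0x20B)                  # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                   # NumberOfRvaAndSizes
    image = bytearray(dos + b"PE\0\0" + bytes(20) + opt)
    if signed:
        struct.pack_into("<II", image, 0x40 + 24 + 112 + 8 * CERT_DIR_INDEX, len(image), 8)
        image += struct.pack("<IHH", 8, 0x0200, 0x0002)    # bare WIN_CERTIFICATE header
    return bytes(image)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:              # pass the EFI files from the TFTP root
        with open(path, "rb") as f:
            print(path, authenticode_table(f.read()) or "no embedded signature")
```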


  • Moderator

    Which device are you trying to boot?

    Does it work with Secure Boot disabled?

    edit: Are there other DHCP devices on the subnet?

