UEFI/Secure Boot issues



  • I’ve got my system setup to try an get this working, but it’s not finding the boot devices properly I think. Below is my DHCP.conf file. I’ve made the relevant changes to mirror Option 1 in Example 1.

    # DHCP Server Configuration file\n#see /usr/share/doc/dhcp*/dhcpd.conf.sample
    # This file was created by FOG
    #Definition of PXE-specific options
    # Code 1: Multicast IP Address of bootfile
    # Code 2: UDP Port that client should monitor for MTFTP Responses
    # Code 3: UDP Port that MTFTP servers are using to listen for MTFTP requests
    # Code 4: Number of seconds a client must listen for activity before trying
    #         to start a new MTFTP transfer
    # Code 5: Number of seconds a client must listen before trying to restart
    #         a MTFTP transfer
    option space PXE;
    option PXE.mtftp-ip code 1 = ip-address;
    option PXE.mtftp-cport code 2 = unsigned integer 16;
    option PXE.mtftp-sport code 3 = unsigned integer 16;
    option PXE.mtftp-tmout code 4 = unsigned integer 8;
    option PXE.mtftp-delay code 5 = unsigned integer 8;
    option arch code 93 = unsigned integer 16;
    use-host-decl-names on;
    ddns-update-style interim;
    ignore client-updates;
    authoritative;
    # Specify subnet of ether device you do NOT want service.
    # For systems with two or more ethernet devices.
    # subnet 136.165.0.0 netmask 255.255.0.0 {}
    subnet 192.168.240.0 netmask 255.255.255.0{
        option subnet-mask 255.255.255.0;
        range dynamic-bootp 192.168.240.10 192.168.240.254;
        default-lease-time 21600;
        max-lease-time 43200;
        #option routers 0.0.0.0
        next-server 192.168.240.10;
        class "UEFI-32-1" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
        filename "i386-efi/ipxe.efi";
        }
    
        class "UEFI-32-2" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
         filename "i386-efi/ipxe.efi";
        }
    
        class "UEFI-64-1" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
         filename "ipxe.efi";
        }
    
        class "UEFI-64-2" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
        filename "ipxe.efi";
        }
    
        class "UEFI-64-3" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
         filename "ipxe.efi";
        }
    
        class "Legacy" {
        match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
        filename "undionly.kkpxe";
        }
    
    }
    

    I’ve restarted the DHCPD service, and all FOG services. When it tries to boot over ipv4 I get PXE-e18 Server response timeout it then boots to Windows as normal. Please let me know what I am missing as I want to make this work with UEFI if possible and not force myself to change all machines BIOS to legacy just to allow imaging. Thanks in advance.

    EDIT: Forgot to mention. It’s Centos 7 and FOG 1.4.4



  • @Quazz
    The device is a Lenovo X1 Yoga Gen 2.

    There are no other devices on the subnet. I have the server physically and logically separated from all other networks/devices in my scheme. I will disable secure boot and report back.

    EDIT: Secure boot disabled is letting me boot to the FOG menu now. I just need to change the MENU EXIT TYPE I think. When I chose the Boot From Hard Disk option, I got a “Chainloading” failure. I think once I get that straightened out, it will work.

    EDIT 2: I changed the option FOG_EFI_BOOT_EXIT_TYPE to REFIND_EFI and it was able to boot successfully from the FOG Menu.


  • Moderator

    Which device are you trying to boot?

    Does it work with Secure Boot disabled?

    edit: Are there other DHCP devices on the subnet?


Log in to reply
 

994
Online

39005
Users

10720
Topics

101776
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.