
UEFI/Secure Boot issues

    BedCruncher
    last edited by BedCruncher Jun 27, 2017, 11:29 AM Jun 27, 2017, 4:53 PM

    I’ve got my system set up to try and get this working, but it’s not finding the boot devices properly, I think. Below is my DHCP.conf file. I’ve made the relevant changes to mirror Option 1 in Example 1.

    # DHCP Server Configuration file
    # see /usr/share/doc/dhcp*/dhcpd.conf.sample
    # This file was created by FOG
    #Definition of PXE-specific options
    # Code 1: Multicast IP Address of bootfile
    # Code 2: UDP Port that client should monitor for MTFTP Responses
    # Code 3: UDP Port that MTFTP servers are using to listen for MTFTP requests
    # Code 4: Number of seconds a client must listen for activity before trying
    #         to start a new MTFTP transfer
    # Code 5: Number of seconds a client must listen before trying to restart
    #         a MTFTP transfer
    option space PXE;
    option PXE.mtftp-ip code 1 = ip-address;
    option PXE.mtftp-cport code 2 = unsigned integer 16;
    option PXE.mtftp-sport code 3 = unsigned integer 16;
    option PXE.mtftp-tmout code 4 = unsigned integer 8;
    option PXE.mtftp-delay code 5 = unsigned integer 8;
    option arch code 93 = unsigned integer 16;
    use-host-decl-names on;
    ddns-update-style interim;
    ignore client-updates;
    authoritative;
    # Specify subnet of ether device you do NOT want service.
    # For systems with two or more ethernet devices.
    # subnet 136.165.0.0 netmask 255.255.0.0 {}
    subnet 192.168.240.0 netmask 255.255.255.0{
        option subnet-mask 255.255.255.0;
        range dynamic-bootp 192.168.240.10 192.168.240.254;
        default-lease-time 21600;
        max-lease-time 43200;
        #option routers 0.0.0.0
        next-server 192.168.240.10;
        class "UEFI-32-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
            filename "i386-efi/ipxe.efi";
        }

        class "UEFI-32-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00002";
            filename "i386-efi/ipxe.efi";
        }

        class "UEFI-64-1" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
            filename "ipxe.efi";
        }

        class "UEFI-64-2" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00008";
            filename "ipxe.efi";
        }

        class "UEFI-64-3" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00009";
            filename "ipxe.efi";
        }

        class "Legacy" {
            match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
            filename "undionly.kkpxe";
        }
    
    }
    

    I’ve restarted the DHCPD service, and all FOG services. When it tries to boot over IPv4 I get PXE-e18 Server response timeout, and it then boots to Windows as normal. Please let me know what I am missing, as I want to make this work with UEFI if possible and not force myself to change all machines’ BIOS to legacy just to allow imaging. Thanks in advance.

    EDIT: Forgot to mention. It’s CentOS 7 and FOG 1.4.4
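
A way to check offline which boot file the class blocks in the post above would hand to a given client (an added example, not part of the original post or of FOG). The config excerpt and the sample option 60 strings are constructed, and the function names are hypothetical.

```python
import re

# Constructed excerpt: three of the class blocks from the dhcpd.conf posted above.
DHCPD_CONF = '''
class "UEFI-32-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00006";
filename "i386-efi/ipxe.efi";
}
class "UEFI-64-1" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00007";
filename "ipxe.efi";
}
class "Legacy" {
match if substring(option vendor-class-identifier, 0, 20) = "PXEClient:Arch:00000";
filename "undionly.kkpxe";
}
'''

CLASS_RE = re.compile(
    r'class\s+"(?P<name>[^"]+)"\s*\{\s*'
    r'match\s+if\s+substring\s*\(\s*option\s+vendor-class-identifier\s*,'
    r'\s*(?P<off>\d+)\s*,\s*(?P<len>\d+)\s*\)\s*=\s*"(?P<want>[^"]*)"\s*;\s*'
    r'filename\s+"(?P<file>[^"]+)"\s*;\s*\}'
)

def parse_classes(conf_text):
    """Return [(name, offset, length, wanted, filename), ...] in file order."""
    return [(m["name"], int(m["off"]), int(m["len"]), m["want"], m["file"])
            for m in CLASS_RE.finditer(conf_text)]

def boot_file_for(vci, classes):
    """Apply each class's substring() comparison to an option 60 value."""
    for name, off, length, wanted, filename in classes:
        if vci[off:off + length] == wanted:
            return name, filename
    return None, None  # no class matched, so no filename is offered

def length_mismatches(classes):
    """Classes whose literal is not `length` characters long and so cannot
    match a normal-length identifier."""
    return [c[0] for c in classes if len(c[3]) != c[2]]

if __name__ == "__main__":
    classes = parse_classes(DHCPD_CONF)
    # Constructed option 60 values: a 64-bit UEFI client and an HTTP-boot client.
    for vci in ("PXEClient:Arch:00007:UNDI:003016", "HTTPClient:Arch:00016:UNDI:003001"):
        print(vci, "->", boot_file_for(vci, classes))
    print("unmatchable classes:", length_mismatches(classes))
```
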

      Quazz Moderator
      last edited by Quazz Jun 28, 2017, 9:21 AM Jun 28, 2017, 3:18 PM

      Which device are you trying to boot?

      Does it work with Secure Boot disabled?

      edit: Are there other DHCP devices on the subnet?

        BedCruncher @Quazz
        last edited by BedCruncher Jun 28, 2017, 10:33 AM Jun 28, 2017, 4:16 PM

        @Quazz
        The device is a Lenovo X1 Yoga Gen 2.

        There are no other devices on the subnet. I have the server physically and logically separated from all other networks/devices in my scheme. I will disable secure boot and report back.

        EDIT: Secure boot disabled is letting me boot to the FOG menu now. I just need to change the MENU EXIT TYPE I think. When I chose the Boot From Hard Disk option, I got a “Chainloading” failure. I think once I get that straightened out, it will work.

        EDIT 2: I changed the option FOG_EFI_BOOT_EXIT_TYPE to REFIND_EFI and it was able to boot successfully from the FOG Menu.
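
Secure Boot firmware only loads EFI binaries whose signature it trusts, so a first check on a network boot file such as `ipxe.efi` is whether it carries an embedded Authenticode signature at all. The sketch below is an added example, not part of the thread or of FOG; the sample images are constructed header stubs and the function names are hypothetical. It only tests for the presence of a certificate table, not whether the firmware's key databases would accept it.

```python
import struct

CERT_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table

def certificate_table(pe):
    """Return (file_offset, size) of the PE certificate table, or None if absent."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE/EFI image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE/EFI image: missing PE signature")
    opt = pe_off + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x20B:      # PE32+ (64-bit images)
        dirs = opt + 112
    elif magic == 0x10B:    # PE32 (32-bit images)
        dirs = opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%04x" % magic)
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= CERT_DIR_INDEX:
        return None
    # For this directory entry the first field is a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * CERT_DIR_INDEX)
    if size == 0:
        return None
    if offset + size > len(pe):
        raise ValueError("certificate table points past end of file")
    return offset, size

def sample_image(signed):
    """Constructed minimal PE32+ header stub for the demo (not a bootable binary)."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)       # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", img, opt, 0x20B)       # PE32+ magic
    struct.pack_into("<I", img, opt + 108, 16)    # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", img, opt + 112 + 8 * CERT_DIR_INDEX, 0x200, 8)
        img += b"\0" * 8                          # placeholder certificate bytes
    return bytes(img)

if __name__ == "__main__":
    for label, signed in (("unsigned stub", False), ("signed stub", True)):
        print(label, "->", certificate_table(sample_image(signed)))
```

For a real file, pass `open(path, "rb").read()` to `certificate_table`; a `None` result means the binary has no embedded signature for the firmware to verify.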

        Copyright © 2012-2024 FOG Project