Can't chainload past Fog menu (Boot hard drive) - HP zbook laptop



  • You can see from the below bios config output most everything that may be useful. I am booting EFI firmware. I have secure boot disabled. I have a TPM and it is set to available. I have tried disabling the Intel Software Guard Extensions (SGX) which did nothing and I have reverted to “Software Control”.

    Booting to PXE works great. Imaging works fine (I get a warning about not being able to set the disk UUID after deployment, but that’s the only hiccup).

    Running Fog 1.5.0 RC10
    SVN Revision: 6080
    Kernel 4.13.4

    Product Name
    	HP ZBook 17 G4
    Processor 1 Type
    	Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
    Processor 1 Speed
    	2700 MHz
    Processor 1 Cache Size (L1/L2/L3)
    	256 KB / 1 MB / 6 MB
    Processor 1 MicroCode Revision
    	48
    Processor 1 Stepping
    	9
    Processor 1 Top-Slot 1(top)
    	Empty
    Processor 1 Top-Slot 2(under)
    	Empty
    Processor 1 Bottom-Slot 1(top)
    	8 GB Hynix/Hyundai
    Processor 1 Bottom-Slot 2(under)
    	Empty
    Serial Number
    	**REDACTED**
    SKU Number
    	**REDACTED**#ABA
    Universally Unique Identifier (UUID)
    	**REDACTED**
    Memory Size
    	8192 MB
    System Board CT Number
    	**REDACTED**
    Product Family
    	103C_5336AN
    Primary Battery Serial Number
    	01173 2017/09/23
    System BIOS Version
    	P70 Ver. 01.02  06/09/2017
    BIOS Build Version
    	0000
    ME Firmware Version
    	11.6.12.3202
    Video BIOS Version
    	Intel(R) GOP Driver [9.0.1061]
    Reference Code Revision
    	1.3.0
    Embedded Controller Firmware Version
    	46.39
    Born On Date
    	11/16/2017
    System Board ID
    	**REDACTED**
    Integrated MAC Address 1
    	**REDACTED**
    Asset Tracking Number
    	
    Ownership Tag
    	
    Feature Byte
    	**REDACTED**.aB
    Build ID
    	**REDACTED**#SABA#DABA
    Lock BIOS Version
    	*Disable
    	Enable
    BIOS Rollback Policy
    	*Unrestricted Rollback to older BIOS
    	Restricted Rollback to older BIOS
    Minimum BIOS Version
    	00.00
    Password Minimum Length
    	8
    At least one symbol is required in Administrator and User passwords
    	*No
    	Yes
    At least one number is required in Administrator and User passwords
    	*No
    	Yes
    At least one upper case character is required in Administrator and User passwords
    	*No
    	Yes
    At least one lower case character is required in Administrator and User passwords
    	*No
    	Yes
    Are spaces allowed in Administrator and User passwords?
    	*No
    	Yes
    Prompt for Admin password on F9 (Boot Menu)
    	*Disable
    	Enable
    Prompt for Admin password on F11 (System Recovery)
    	*Disable
    	Enable
    Prompt for Admin password on F12 (Network Boot)
    	*Disable
    	Enable
    TPM Specification Version
    	2.0
    TPM Device
    	Hidden
    	*Available
    TPM State
    	Disable
    	*Enable
    Clear TPM
    	*No
    	On next boot
    TPM Activation Policy
    	F1 to Boot
    	*Allow user to reject
    	No prompts
    Verify Boot Block on every boot
    	*Disable
    	Enable
    BIOS Data Recovery Policy
    	*Automatic
    	Manual
    Prompt on Network Controller Configuration Change
    	*Disable
    	Enable
    Dynamic Runtime Scanning of Boot Block
    	Disable
    	*Enable
    Sure Start BIOS Settings Protection
    	*Disable
    	Enable
    Enhanced HP Firmware Runtime Intrusion Prevention and Detection
    	Disable
    	*Enable
    Sure Start Security Event Policy
    	Log Event Only
    	*Log Event and notify user
    	Log Event and power off system
    Save/Restore MBR of System Hard Drive
    	*Disable
    	Enable
    Save/Restore GPT of System Hard Drive
    	*Disabled
    	Enabled
    Allow OPAL Hard Drive SID Authentication
    	*Disable
    	Enable
    Permanent Disable Absolute Persistence Module Set Once
    	*No
    	Yes
    System Management Command
    	Disable
    	*Enable
    Fingerprint Reset on Reboot
    	*Disable
    	Enable
    Host Based MAC Address
    	*Disable
    	System
    	Custom
    HBMA Factory MAC Address
    	**REDACTED**
    HBMA System MAC Address
    	**REDACTED**
    HBMA Custom MAC Address
    	**REDACTED**
    Pre-boot HBMA Support
    	Disable
    	*Enable
    Windows HBMA Support
    	Disable
    	*Enable
    Single NIC Operation (Disable All Other NICs when HBMA is active on one NIC)
    	*Disable
    	Enable
    HBMA Priority List
    	USB NIC Dongle:HP External Adapter :0BDA_8153
    	Thunderbolt Dock:HP Elite Dock :14E4_1682:14E4_1682
    	Embedded NIC:Intel (vPro) :8086_15B7:103C_8270
    	USB NIC Dongle:HP USB-C Travel Dock :17E9_4352
    	USB NIC Dongle:HP USB Travel Dock :17E9_4351
    	USB NIC Dongle:HP 3005pr :17E9_430A
    	USB NIC Dongle:HP Universal pr :17E9_4327
    Select Language
    	*English
    	Deutsch
    	Espanol
    	Italiano
    	Francais
    	Japanese
    	Portugues
    	Dansk
    	Svenska
    	Nederlands
    	Norsk
    	Suomi
    	Simplified Chinese
    	Traditional Chinese
    Select Keyboard Layout
    	*English
    	Deutsch
    	Espanol
    	Italiano
    	Francais
    	Japanese
    	Portugues
    	Dansk
    	Svenska
    	Nederlands
    	Norsk
    	Suomi
    	Simplified Chinese
    	Traditional Chinese
    Sunday
    	*Disable
    	Enable
    Monday
    	*Disable
    	Enable
    Tuesday
    	*Disable
    	Enable
    Wednesday
    	*Disable
    	Enable
    Thursday
    	*Disable
    	Enable
    Friday
    	*Disable
    	Enable
    Saturday
    	*Disable
    	Enable
    BIOS Power-On Hour
    	0
    BIOS Power-On Minute
    	0
    Power On When AC Detected
    	*Disable
    	Enable
    Power On When Lid is Opened
    	*Disable
    	Enable
    Startup Delay (sec.)
    	*0
    	5
    	10
    	15
    	20
    	25
    	30
    	35
    	40
    	45
    	50
    	55
    	60
    Fast Boot
    	*Disable
    	Enable
    Audio Alerts During Boot
    	Disable
    	*Enable
    NumLock on at boot
    	Disable
    	*Enable
    USB Storage Boot
    	Disable
    	*Enable
    Prompt on Memory Size Change
    	Disable
    	*Enable
    Network (PXE) Boot
    	Disable
    	*Enable
    Prompt on Fixed Storage Change
    	*Disable
    	Enable
    Prompt on Battery Errors
    	Disable
    	*Enable
    Legacy Boot Options
    	Disable
    	*Enable
    Legacy Boot Order
    	HDD:USB:1
    	HDD:M.2:1
    UEFI Boot Options
    	Disable
    	*Enable
    UEFI Boot Order
    	NETWORK IPV4:EMBEDDED:1
    	HDD:M.2:1
    	HDD:USB:1
    	NETWORK IPV6:EMBEDDED:1
    HP_Disk0MapForUefiBootOrder
    	PciRoot(0x0)/Pci(0x1B,0x0)/Pci(0x0,0x0)/NVMe(0x1,95-79-BE-71-B7-38-25-00)/HD(1,GPT,AFFBFB07-C841-4F92-8F9A-FCE300C11F29,0x800,0xB4000)/\EFI\Microsoft\Boot\bootmgfw.efi
    	PciRoot(0x0)/Pci(0x14,0x0)
    	PciRoot(0x0)/Pci(0x1F,0x6)/MAC(**REDACTED**,0x0)/IPv6(0000:0000:0000:0000:0000:0000:0000:0000,0x0,Static,0000:0000:0000:0000:0000:0000:0000:0000,0x40,0000:0000:0000:0000:0000:0000:0000:0000)
    	PciRoot(0x0)/Pci(0x1F,0x6)/MAC(**REDACTED**,0x0)/IPv4(0.0.0.0,0x0,DHCP,0.0.0.0,0.0.0.0,0.0.0.0)
    HP_Disk0MapForLegacyBootOrder
    	BBS(0xFFFF,,0x0)/PciRoot(0x0)/Pci(0x14,0x0)
    	BBS(HD,SAMSUNG MZVLW256HEHP-000H1-**REDACTED**,0x400)/PciRoot(0x0)/Pci(0x1B,0x0)/Pci(0x0,0x0)/NVMe(0x1,95-79-BE-71-B7-38-25-00)
    Smart Card Reader Power Setting (if present)
    	Always powered on
    	*Powered on if card is present
    Secondary Battery Fast Charge
    	Disable
    	*Enable
    Launch Hotkeys without Fn Keypress
    	*Disable
    	Enable
    Swap Fn and Ctrl (Keys)
    	*Disable
    	Enable
    Power Control
    	*Disable
    	Enable
    Fast Charge
    	Disable
    	*Enable
    Lock Wireless Button
    	*Disable
    	Enable
    WWAN Quick Connect
    	Disable
    	*Enable
    Fan Always on while on AC Power
    	*Disable
    	Enable
    Wake on WLAN
    	*Disable
    	Enable
    Wake on LAN on DC mode
    	*Disable
    	Enable
    Wake on WiGig
    	Disable
    	*Enable
    Boost Converter
    	Disable
    	*Enable
    Backlit keyboard timeout
    	5 secs.
    	*15 secs.
    	30 secs.
    	1 min..
    	5 mins.
    	Never.
    Bluetooth
    	Disable
    	*Enable
    Wireless Network Device (WLAN)
    	Disable
    	*Enable
    Embedded WiGig Device
    	Disable
    	*Enable
    Mobile Network Device (WWAN)
    	Disable
    	*Enable
    Mobile Network Device (WWAN) and GPS Combo Device
    	Disable
    	*Enable
    LAN / WLAN Auto Switching
    	*Disable
    	Enable
    GPS Device
    	Disable
    	*Enable
    Configure Legacy Support and Secure Boot
    	*Legacy Support Enable and Secure Boot Disable
    	Legacy Support Disable and Secure Boot Enable
    	Legacy Support Disable and Secure Boot Disable
    Import Custom Secure Boot keys
    	*Do Nothing
    	On next boot
    Clear Secure Boot keys
    	*Disable
    	Enable
    Reset Secure Boot keys to factory defaults
    	*Disable
    	Enable
    Enable MS UEFI CA key
    	No
    	*Yes
    Ready to disable MS UEFI CA Key
    	Not Ready
    	*Ready
    Custom Keys Image Verification State
    	*No Custom Keys
    	Fail
    	Success
    Ready BIOS for Device Guard Use
    	*Do Nothing
    	Configure on Next Boot
    	Clear Configuration on Next Boot
    Configure Storage Controller for RAID
    	*Disable
    	Enable
    USB Type-C Controller(s) Firmware Version:
    	TIPD Primary 1-Port Controller : 1.11.11
    	TIPD Secondary 1-Port Controller : 1.11.11
    Audio Device
    	Disable
    	*Enable
    Intel Smart Sound
    	Disable
    	*Enable
    Embedded LAN controller
    	Disable
    	*Enable
    Wake On LAN
    	Disabled
    	Boot to Network
    	*Boot to Hard Drive
    Integrated Microphone
    	Disable
    	*Enable
    Internal Speakers
    	Disable
    	*Enable
    Runtime Power Management
    	Disable
    	*Enable
    Headphone Output
    	Disable
    	*Enable
    Extended Idle Power States
    	Disable
    	*Enable
    Wake unit from sleep when lid is opened
    	*Disable
    	Enable
    Wake on USB
    	Disable
    	*Enable
    Integrated Camera
    	Disable
    	*Enable
    Fingerprint Device
    	Disable
    	*Enable
    Video Memory Size
    	*32 MB
    	64 MB
    	128 MB
    	256 MB
    	512 MB
    Graphics
    	Hybrid Graphics
    	Discrete Graphics
    	*Auto
    Force to Run Discrete Only Mode
    	*Disable
    	Enable
    Media Card Reader
    	Disable
    	*Enable
    USB Ports
    	Disable
    	*Enable
    USB Legacy Port Charging
    	Disable
    	*Enable
    Disable Charging Port in sleep/off if battery below (%):
    	10
    Smart Card
    	Disabled
    	*Enabled
    M.2 SSD 1
    	Disable
    	*Enable
    M.2 SSD 2
    	Disable
    	*Enable
    SATA1
    	Disable
    	*Enable
    SATA2
    	Disable
    	*Enable
    Thunderbolt Security Level
    	PCIe and DisplayPort - No Security
    	*PCIe and DisplayPort - User Authorization
    	PCIe and DisplayPort - Secure Connect
    	DisplayPort only
    Turbo-boost
    	Disable
    	*Enable
    Intel Software Guard Extensions (SGX)
    	Disable
    	Enable
    	*Software control
    Configure Option ROM Launch Policy
    	All Legacy
    	*All UEFI
    	All UEFI Except Video
    Hyperthreading
    	Disable
    	*Enable
    POST Prompt for RAID Configuration
    	Disable
    	*Enable
    Multi-processor
    	Disable
    	*Enable
    Virtualization Technology (VTx)
    	*Disable
    	Enable
    Virtualization Technology for Directed I/O (VTd)
    	*Disable
    	Enable
    Active Management (AMT)
    	Disable
    	*Enable
    USB Key Provisioning Support
    	*Disable
    	Enable
    Unconfigure AMT on next boot
    	*Do Not Apply
    	Apply
    SOL Terminal Emulation Mode
    	*ANSI
    	VT100
    Verbose Boot Messages
    	*Disable
    	Enable
    Watchdog Timer
    	*Disable
    	Enable
    OS Watchdog Timer (min.)
    	*5
    	10
    	15
    	20
    	25
    BIOS Watchdog Timer (min.)
    	*5
    	10
    	15
    	20
    	25
    USB Redirection Support
    	Disable
    	*Enable
    Show Unconfigure ME Confirmation Prompt
    	Disable
    	*Enable
    Wireless Manageability
    	*Disable
    	Enable
    CIRA Timeout (min.)
    	*1 min
    	2 mins
    	3 mins
    	4 mins
    	Never
    Deep Sleep
    	Off
    	*On
    Update Source
    	*HP
    	Custom
    Automatically Check for Updates
    	Daily
    	Weekly
    	*Monthly
    Automatic BIOS Update Setting
    	*Disable
    	Let user decide whether to install updates
    	Install all updates automatically
    	Install only important updates automatically
    Update Address
    	
    Force Check on Reboot
    	*Disable
    	Enable
    Update BIOS via Network
    	Disable
    	*Enable
    Use Proxy
    	*Disable
    	Enable
    Proxy Address
    	
    DNS Configuration
    	*Automatic
    	Manual
    DNS Addresses
    	
    Data transfer timeout
    	100
    IPv4 Configuration
    	*Automatic
    	Manual
    IPv4 Address
    	
    IPv4 Subnet Mask
    	
    IPv4 Gateway
    	
    Force HTTP no-cache
    	*Disable
    	Enable
     [0_1515608672448_HPBios.txt](Uploading 100%) 
    

  • Developer

    @szeraax Thanks for the update. It’s definitely an issue that we will be seeing more and more in the next month.

    Not because it is solved, but because I will just have to wait for a magical time in the future when FOG has support for booting NVMe hard drives decently.

    Unfortunately those things rarely solve themselves magically. People have to work on it. In this case having the hardware at hand seems to be very crucial as your findings reveal (same zbook model showing different behavior). By the way, have you checked firmware versions?
    So what I am trying to say is that it might need your work on testing these things on your devices to hopefully figure things out. But on the other hand I do understand that you/we don’t have the time and expertise to dig through this.

    Maybe try going back to using rEFInd plus adding the clover NVMe driver? As I understand it you should be able to add that driver by simply creating a directory drivers_x64 (EFI/boot/drivers_x64) and putting that clover driver EFI file there. rEFInd should scan that directory and load the driver.

    Not sure if we’d mark this solved.



  • @sebastian-roth Well, I suppose that we can mark this solved at this point.

    Not because it is solved, but because I will just have to wait for a magical time in the future when FOG has support for booting NVMe hard drives decently.

    As a follow up from your last comment, with my test hardware (we had to get a new demo computer), clover boots to windows fine without any configuration at all. No panic/freezing. Weird I know. This is the exact same zbook model, just with different ram/hdd configuration. Also, I still cannot get the clover settings file to get loaded, so I am unable to customize the clover menu. Since by default clover lists your boot options and doesn’t have a autoboot timeout, using clover at default settings means that I would have to hit enter on each physical machine each time I boot it.

    My solution for now is to make the bios boot to HDD instead of network and then configure the option “WOL boot to network” in order to be deploying.

    Thanks again for all your help, and @george1421 too! Y’all are great.



  • @sebastian-roth Don’t believe so, but I’ll try again to double check. I’ll check in with them. Great idea. Dunno if any of them will know the differences between booting off USB and booting off PXE. Here’s to hoping!


  • Developer

    @Szeraax Maybe it’s worth/easier to get on contact with the clover people: https://sourceforge.net/p/cloverefiboot/discussion/ and http://www.insanelymac.com/forum/forum/327-clover/ (both seem active)


  • Developer

    @Szeraax Ah, now I get what you mean. What you wrote sounded a bit different to me.

    https://www.reddit.com/r/hackintosh/comments/3t71yp/clover_freezes_if_usb_30_ports_used/ - is the USB still connected when you try PXE booting?



  • @sebastian-roth

    Additionally, I’ve tried MANY different configurations (no options file, manually set options, use options file (can’t get Fog to load the options file)) and EVERY TIME, it has been consistant that boot from USB -> CLover -> WIndows and no panic. Boot from fog -> Clover -> Windows PANIC!.



  • @sebastian-roth Nope!

    If I put Clover on USB, I can chain to windows just fine.

    Loading Clover via Fog causes windows to freeze on login screen.


  • Developer

    @szeraax said in Can’t chainload past Fog menu (Boot hard drive) - HP zbook laptop:

    My current situation is that no matter what I do when booting off USB, it boots windows fine and no kernel panic (freeze .5s after logon screen appears). And no matter what I do when booting from pxe (Fog -> Clover), windows 10 still freezes .5s after logon screen appears.

    Just so I get this right?! If you boot straight from hard disk everything is perfectly fine. But if you boot from USB or PXE windows freezes soon after logon?



  • @sebastian-roth

    If you have any ideas for me to try, I do still have the hardware and can test.



  • @sebastian-roth No.

    My current situation is that no matter what I do when booting off USB, it boots windows fine and no kernel panic (freeze .5s after logon screen appears). And no matter what I do when booting from pxe (Fog -> Clover), windows 10 still freezes .5s after logon screen appears.

    I have no idea what the cause is.


  • Developer

    @Szeraax Any news on this?



  • @george1421 @Sebastian-Roth Ok, now that just not fair!!!

    If I ONLY have DriveRoot/EFI/BOOT/BOOTX64.efi on the USB drive and boot it with the default options, it works fine. Default options means that I am not doing any ACPI DSDT flag setting, no CPU flag setting, etc. I copied that same .efi file onto fog! So all that stuff that config.plist was supposedly fixing is now out the window since the USB just works regardless of the configuration set.

    So that totally chops up both of the things I was going to investigate next. Thoughts?



  • @george1421 Ok, I can remove all files from the USB drive except for these two files and have windows boot fine:

    DriveRoot/EFI/BOOT/BOOTX64.efi
    DriveRoot/EFI/CLOVER/CONFIG.plist

    If I leave config.plist in that folder and rename it to new.plist, when I boot to USB, that config file is NOT found. Does this suggest that clover has a hardcoded path it looks for a config under? Maybe we can pass it an argument that tells it where its config is at.

    Current things I want to check out:
    -Run same settings as what config.plist sets and see if it’ll chainload to windows fine from fog
    -Find out if I can pass arguments or get the clover.efi to find the config file that is present



  • @george1421 Looks like it still worked the exact same.

    Clover menu looks the same as when I chain’d from fog. Still get kernel panic after about 1s on windows login screen. When I exit clover and return to efi shell, imgstat shows config.plist with the right number of bytes and default.ipxe at 452 bytes (script)

    Going to try enabling some of the options from config.plist to see if I can avoid kernel panic. Also going to try removing extra things from USB to check if there are other external dependancies to just the clover.efi and config.plist.

    I would think it best if we figure out how to get clover to read the config.plist, but I am unsure what the next steps to do that would be.



  • @george1421 haha, I went grepping through /var/www/html and did this exact same thing via ssh before you posted. I made a new menu entry as a copy of $refind

    file: /var/www/html/fog/lib/fog/bootmenu.class.php

                'refind_efi' => $refind,
                'clover_efi' => $clover,
    

    and

            $refind = sprintf(
                'imgfetch ${boot-url}/service/ipxe/refind.conf%s'
                . 'chain -ar ${boot-url}/service/ipxe/refind.efi',
                "\n"
            );
            $clover = sprintf(
                'imgfetch ${boot-url}/service/ipxe/config.plist%s'
                . 'chain -ar ${boot-url}/service/ipxe/clover.efi',
                "\n"
            );
    

    And edited /var/www/html/fog/lib/fog/service.class.php

                'refind_efi',
                'clover_efi',
    

    From my test of this and via running the EFI shell manually, config.plist downloads fine. However, the clover boot menu looks totally different when booted from the USB, suggesting to me that when I exit to clover from fog, it is still not reading the config.plist file (which changes graphic modes and other settings that obviously work). imgstat looks good, etc.

    I am going to try adding the exit type with a different name via the web UI as you suggest and report back.


  • Moderator

    @szeraax ok, lets do a little digging here.

    If you set the exit mode to refind in the webgui this is what it puts in the ipxe menu:

    :fog.local
    imgfetch ${boot-url}/service/ipxe/refind.conf
    chain -ar ${boot-url}/service/ipxe/refind.efi || goto MENU
    

    So in your case you swapped refind.efi for what ever the clover boot loader is. You can see that fog is also sending refind.conf.

    Now as a test create a new fog menu, call it fog.clover with a title of Clover Exit or what ever.

    Make the parameters look like this

    imgfetch ${boot-url}/service/ipxe/config.plist
    chain -ar ${boot-url}/service/ipxe/clover.efi || goto MENU
    

    rename clover.efi to what ever the right name is and make sure both files are in /var/www/html/fog/service/ipxe directory.
    Lastly in the fog menu configuration make this menu show up for all hosts.

    Now pxe boot that host and from the ipxe menu pick the clover exit. The test is to see if we can create a menu entry to properly exit out of iPXE menu to boot.



  • @sebastian-roth @george1421 So if I put clover on a USB drive and boot it with the default config.plist, windows starts fine and seems to have no issues. It may just be that we need to transfer the config.plist with the efi file and that exit type would work great.


  • Developer

    @szeraax said in Can’t chainload past Fog menu (Boot hard drive) - HP zbook laptop:

    Of course, the fact that fog can do single part, resizable imaging on this computer means that it must not be TOO crazy of hardware otherwise I wouldn’t be able to see the disk and such.

    No, you have to understand that those are two very different things although we packed those very closely together in the FOG project. One is the Linux Kernel and a stripped down basic Linux system doing the actual imaging work. Many drivers are part of the Kernel. Another component is iPXE that we use for booting and in some cases for exiting to boot to the local disk. In your case this does not seen to work so we have another ring in the chain called rEFInd which has to have it’s own drivers to be able to see and boot from your local disk.



  • @george1421 Regarding your statement about booting rEFInd into a command shell via USB, I think I can probably do that fairly easily. What commands would you want the output of to get a better idea?

    Of course, the fact that fog can do single part, resizable imaging on this computer means that it must not be TOO crazy of hardware otherwise I wouldn’t be able to see the disk and such.


 

570
Online

41.9k
Users

12.5k
Topics

117.6k
Posts