
    UEFI secure boot off not working with DDWRT

      NuTech3

      I have been able to use DDWRT successfully for years; however, since new desktops and laptops are not allowing legacy boot, I cannot get devices to pxe-boot. I have placed these settings in the DNSMasq Options:
      dhcp-match=set:bios,60,PXEClient:Arch:00000
      dhcp-match=set:efi32,60,PXEClient:Arch:00006
      dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,192.168.112.24
      dhcp-boot=net:UEFI,ipxe.efi,192.168.112.24
      dhcp-boot=net:UEFI64,ipxe.efi,192.168.112.24

        george1421 Moderator

        Two things.

        1. FOG is not compatible with Secure boot == enabled.

        2. For dnsmasq I can’t say for dnsmasq settings, but for dnsmasq settings on a standalone server these work perfectly with FOG.

        # Don't function as a DNS server:
        port=0
        
        # Log lots of extra information about DHCP transactions.
        log-dhcp
        
        # Set the root directory for files available via TFTP.
        tftp-root=/tftpboot
        
        # The boot filename, Server name, Server Ip Address
        dhcp-boot=undionly.kpxe,,<fog_server_IP>
        
        # Disable re-use of the DHCP servername and filename fields as extra
        # option space. That's to avoid confusing some old or broken DHCP clients.
        dhcp-no-override
        
        # inspect the vendor class string and match the text to set the tag
        dhcp-vendorclass=BIOS,PXEClient:Arch:00000
        dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
        dhcp-vendorclass=UEFI,PXEClient:Arch:00007
        dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
        
        # Set the boot file name based on the matching tag from the vendor class (above)
        dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,<fog_server_IP>
        dhcp-boot=net:UEFI,ipxe.efi,,<fog_server_IP>
        dhcp-boot=net:UEFI64,ipxe.efi,,<fog_server_IP>
        
        # PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
        pxe-prompt="Booting FOG Client", 1
        
        # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
        # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
        # This option is first and will be the default if there is no input from the user.
        pxe-service=X86PC, "Boot to FOG", undionly.kpxe
        pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
        pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi
        
        dhcp-range=<fog_server_IP>,proxy
        

        ref: https://forums.fogproject.org/topic/12796/installing-dnsmasq-on-your-fog-server

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

          NuTech3 @george1421

          @george1421 Thanks for your reply. I have very little Linux command skills. I set up the Fog Server using the tutorial. Where do I put these settings and how?

            george1421 Moderator

            Well you said you had these in ddwrt for years.

            dhcp-match=set:bios,60,PXEClient:Arch:00000
            dhcp-match=set:efi32,60,PXEClient:Arch:00006
            dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,192.168.112.24
            dhcp-boot=net:UEFI,ipxe.efi,192.168.112.24
            dhcp-boot=net:UEFI64,ipxe.efi,192.168.112.24
            

            Those are not specifically right, not specifically wrong, but not right.

            I would think this might get you closer. Some firmware require the last bit too

            dhcp-boot=undionly.kpxe,,192.168.112.24
            
            dhcp-vendorclass=BIOS,PXEClient:Arch:00000
            dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
            dhcp-vendorclass=UEFI,PXEClient:Arch:00007
            dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
            
            dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,192.168.112.24
            dhcp-boot=net:UEFI,ipxe.efi,,192.168.112.24
            dhcp-boot=net:UEFI64,ipxe.efi,,192.168.112.24
            

            Last bit that some firmware requires

            pxe-prompt="Booting FOG Client", 1
            
            # The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
            # Intel_Lean_Client, IA32_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
            # This option is first and will be the default if there is no input from the user.
            pxe-service=X86PC, "Boot to FOG", undionly.kpxe
            pxe-service=X86-64_EFI, "Boot to FOG UEFI", ipxe.efi
            pxe-service=BC_EFI, "Boot to FOG UEFI PXE-BC", ipxe.efi
            

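The difference between the DD-WRT options in the first post and the settings suggested in the reply above can be checked mechanically. The following is an added example, not code from the thread or from the FOG project: a small linter that flags `dhcp-boot` lines whose tag is never set by `dhcp-match` or `dhcp-vendorclass`, and lines where an IP address sits in the servername position. It assumes the `dhcp-boot` field order from the dnsmasq man page (`<filename>,<servername>,<server address>`) and treats `net:` like `tag:`, as the thread's configs do; the names `lint`, `DDWRT` and `SUGGESTED` are hypothetical.

```python
import re

# Sample input copied from the thread: the DD-WRT options in the first post
# and the settings suggested in the reply.
DDWRT = """\
dhcp-match=set:bios,60,PXEClient:Arch:00000
dhcp-match=set:efi32,60,PXEClient:Arch:00006
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,192.168.112.24
dhcp-boot=net:UEFI,ipxe.efi,192.168.112.24
dhcp-boot=net:UEFI64,ipxe.efi,192.168.112.24
"""
SUGGESTED = """\
dhcp-boot=undionly.kpxe,,192.168.112.24
dhcp-vendorclass=BIOS,PXEClient:Arch:00000
dhcp-vendorclass=UEFI32,PXEClient:Arch:00006
dhcp-vendorclass=UEFI,PXEClient:Arch:00007
dhcp-vendorclass=UEFI64,PXEClient:Arch:00009
dhcp-boot=net:UEFI32,i386-efi/ipxe.efi,,192.168.112.24
dhcp-boot=net:UEFI,ipxe.efi,,192.168.112.24
dhcp-boot=net:UEFI64,ipxe.efi,,192.168.112.24
"""

TAG_USE = ("net:", "tag:")  # prefixes that test a tag; net: is the older spelling
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")

def lint(conf):
    """Return (line_no, issue) findings for the dhcp-boot lines of a dnsmasq config."""
    defined, boots, findings = set(), [], []
    for no, raw in enumerate(conf.splitlines(), 1):
        key, _, value = raw.split("#", 1)[0].strip().partition("=")
        fields = [f.strip() for f in value.split(",")]
        if key in ("dhcp-match", "dhcp-vendorclass"):
            defined.add(fields[0].removeprefix("set:"))  # first field names the tag
        elif key == "dhcp-boot":
            boots.append((no, fields))
    # Check boot lines after the whole file is read, so ordering does not matter.
    for no, fields in boots:
        used = [f.split(":", 1)[1] for f in fields if f.startswith(TAG_USE)]
        args = [f for f in fields if not f.startswith(TAG_USE)]
        findings += [(no, f"tag '{t}' is never set") for t in used if t not in defined]
        # With only two positional fields the second one is the servername,
        # not the server address; the suggested config skips it with ',,'.
        if len(args) == 2 and IPV4.fullmatch(args[1]):
            findings.append((no, "IP given in the servername field"))
    return findings

for name, conf in (("DD-WRT", DDWRT), ("suggested", SUGGESTED)):
    print(name, lint(conf) or "no findings")
```
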
              NuTech3 @george1421

              @george1421 Thanks George. I used your link to find out how to get to the dnsmasq.d. The file is already there. I viewed it and all of those settings are present. I also ran ps aux|grep dnsmasq to make sure it was running. I am going to remove the setting from DDWRT and see if it works.

                george1421 Moderator @NuTech3

                @NuTech3 OK so you installed dnsmasq on your fog server and are no longer using dnsmasq on ddwrt? If so make sure you remove the values from the config file and stop dnsmasq on your router (it may not be possible with ddwrt, I simply don’t know)

                  NuTech3 @george1421

                  @george1421 Dnsmasq was already present. It may have been installed in the installation process. I have the router functioning as DHCP server. Do I need to disable that and set that up on the Fog Server?

                    NuTech3 @george1421

                    @george1421 Does the Fog Server need to operate as the DHCP Server? I did not set that up during the initial install. I remember seeing the message not to enable DHCP on the Fog Server.

                      george1421 Moderator @NuTech3

                      @NuTech3 said in UEFI secure boot off not working with DDWRT:

                      Does the Fog Server need to operate as the DHCP Server?

                      No, fog does not need to operate as a dhcp server. BUT if you did install the dhcp server as part of the FOG install, then there would be no need for dnsmasq since the isc-dhcp server that fog uses is preconfigured to support both bios and uefi systems.

                      DNSMASQ has several modes of operation, but if you use my config file from the tutorial exactly DNSMASQ will operate in a proxydhcp mode. In this mode it supplements the main dhcp server with pxe boot information only. We will typically use dnsmasq running on a fog server when the main dhcp server is either incapable of sending pxe boot information (as in some soho routers) or the dhcp server is unmodifiable for some reason not related to FOG.

                      The interesting aspect of using dnsmasq on the fog server is that if the fog server is powered off so is dnsmasq. With dnsmasq off there is no chance of being directed to a server that is not powered on.

                      Copyright © 2012-2024 FOG Project