Lenovo N22 USB EFI boot



  • Running Fog Trunk 7248

    I am trying to boot a lenovo N22 to get an image. This computer does not have a NIC, so I am using a usb 2.0 adapter.

    I used https://wiki.fogproject.org/wiki/index.php?title=USB_Bootable_Media to create the drive. It boots to the fog menu, however when I try to register the host, I receive the attached error. 0_1463153775680_IMG_9383.jpg

    The USB drive works if I efi boot from a machine with a built in nic.

    Anyone else experience this error?



  • @george1421 @Sebastian-Roth You can mark this as solved. Since this was a loaner unit from Lenovo, they locked down the bios so I could not fully disable the security chip. Once I changed the bios I was able to disable the chip and image the laptop :)

    Thanks for you help


  • Moderator

    [housekeepeing] Moving thread to the hardware section. This is not a windows issue (yet) [/housekeeping]


  • Developer

    @monasmith529 Please take a picture of the BIOS setting for the security chip you disabled and a picture of the error you see (if it’s not exactly the same as in the original pic)!

    I’ve put in a couple of days work to get this other thread solved. Talked to the iPXE devs, compiled debug enabled binaries, added signature enabled binaries and all that just to find out that this was not a software issue. So please understand that I am not very fond of digging into this from the FOG/iPXE side yet. The error is exactly the same as in the other post and I wonder if it’s just some kind of TPM/security chip issue again. Please double check all the settings and read through the other thread (the whole lot). Try the suggestions (e.g. debug enabled ipxe.efi binary) I posted there to see if you get all the same error messages.



  • @Sebastian-Roth @Scott-Adams . Thanks for the reply and Sorry I am just not getting time to check and do some troubleshooting. I have disabled the security chip in the bios but that has not changed anything. I have not been able to try a usb3.0 pxe device, because my lenovo rep told me they will not work, hence the reason I bought the 2.0 device.

    Any other suggestions?


  • Developer

    @Scott-Adams said:

    Also, within the Lenovo BIOS, you may want to see if Secure Boot is enabled. If so, you want to disable it.

    Scott is absolutely right. But I guess what we have here is the Lenovo extra security chip issue. Read this (yes the whole lot!). I nearly ripped my hair out trying to find that… damn (sorry for that).


  • Moderator

    Just thinking out loud here.

    You booted via uefi usb stick into iPXE.
    iPXE was able to pick up an IP address from dhcp on that usb 2.0 network adapter (assuming so since it downloaded bzImage).
    I see that bzImage (the kernel) transferred OK, but there isn’t any reference to the init.xz (the virtual hard drive) being transferred to the iPXE kernel.
    Now we see basically it couldn’t execute the bzImage.

    Right now you are at the stage where iPXE appears to transfer the images to iPXE but it can’t boot the FOS client OS (the software that deploys or uploads the images to the target computer).

    I the bzImage. I think Scott Adams is right you should check the secure boot setting. If you can switch that device into legacy mode you might be better off.

    If uefi is your only choice, I might recommend that you find a supported usb 3.0 network adapter that supports PXE booting on that Lenovo. The Lenovo uefi firmware must support the usb 3.0 device or pxe booting is not supported.



  • Also, within the Lenovo BIOS, you may want to see if Secure Boot is enabled. If so, you want to disable it.



  • You could try a couple of different things here.

    1. In your kernel parameters under FOG Configuration -> FOG Settings -> General Settings, enter a value of "has_usb_nic=1"
      minus the quotes

    2. On your DCHP server, change your boot file to an efi file, which is compatible with the UEFI bios of the Lenovo. I typically use snponly.efi, but have had success with ipxe.efi as well.

    If everything is successful, you could then create a group for this model device and put in the kernel parameters in the group. Add these devices to the group, then they will always have the parameter applied.

    You don’t want to leave the parameter set (from option 1). This will cause other devices to not be able to image.


Log in to reply
 

640
Online

38725
Users

10554
Topics

99911
Posts

Looks like your connection to FOG Project was lost, please wait while we try to reconnect.