Network booting a Mac
I’m back at it again! We reimaged our testing unit with El Capitan and we ran into a different snag all-together. With El Cap, they implemented System Integrity Protection (SIP) so our usual Bless commands aren’t working anymore.
I’ve been trying to do research for the past week to figure out how to do vendor-class based DHCP custom settings for the system. It’s a late-2013 iMac (iMac14,1). However I’ve had no success with it thus far. The linked article below is the closest I’ve got to a solution.
Tried “iMac14,1” and “AAPLBSDPC” but neither have worked (so far).
Should I create a different thread for this topic?
@Louis-CSUSA we are here now.
Requesting that a @Moderators split up this thread into two (the original topic about the FOG client, and the new topic about OS X net booting).
I don’t know if it’s been posted yet in this thread, but might as well put it in here:
Good description Wayne! I might add that vendor class identifier for Mac clients is a bit different to what we know from PC world but it’s still pretty straight forward from what I know.
- The first part is always the same:
AAPLBSDPC/(which is just the Apple specific identifier for netboot or what they call BSDP - Boot Service Discovery Protocol - an extended DHCP protocol,
- then you have the architecture:
i386(all Intels) or
ppc(the older Power PC models) again followed by a
- and a model specific part. This is not a secret but actually pretty nice I find. You can find all the non-cryptic labels on the web, e.g. here - also linked to the model specs, so you can’t really go wrong as long as you know which Mac you have in front of you.
While a agree with Apple not always following others for standards I actually find those vendor class IDs quite nice. As well BSDP might seem a bit more complex on first sight but ISC-DHCP is “silver-tongued” enough to tame this beast I reckon.
@Louis-CSUSA Feel free to contact me for details on BSDP and getting ISC-DHCP setup properly!
- The first part is always the same:
I’ve been trying to do research for the past week to figure out how to do vendor-class based DHCP custom settings for the system. It’s a late-2013 iMac (iMac14,1).
To know exactly what your vendor class identifier is, just do a packet capture with Wireshark on your DHCP server, network boot the Mac, and then stop the capture.
Then examine the capture, use the
bootpfilter at the top, and apply it with the little arrow (this is still in wireshark). That filter will just show you DHCP communication.
Then look at the Discovery packet from the host you network booted. Look at it’s option 60, I think. To do that, double click the packet. A new window will open. Expand the bottom line, and there will be some numbered options. One will be 60. That’s your vendor string.
However - don’t think your work is done there. Apple likes to give a unique identifier for every single model it makes, and likes to not conform to industry-standard vendor classes.
This would have to be done at a per-machine basis, no?
Correct. I kind of forgot about this because I made those SIP changes and blessed all of our Macs via SSH (clusterssh) in one go. If you have any kind of remote command control enabled on your Mac clients this would be a viable way to go for you as well. This is a chicken or the egg causality dilemma! How do you mass deploy things (NVRAM settings as
blessor Tom S’s mac-boot) when you cannot mass PXE boot or mass remote control (yet)?
I think there are only two options out of this:
- Use USB keys to boot (you can download iPXE boot ISO here)
- Get netboot/bootp/DHCP setup properly and collect a good amount of stones to put on your keyboard for holding down the n key when booting
Am I missing some other option here?
@Sebastian-Roth This would have to be done at a per-machine basis, no?
If so, that wouldn’t work for our large deployments.
@Tom-S Is there a guide somewhere on how to create the FOG USB bootable?
Also, for your Macbook Air, I’m assuming you are using a ThunderBolt Ethernet adapter to image it? If so, how do you keep track of the hosts since the MAC address is based off the adapter and not the machine’s mac?
@Louis-CSUSA If you don’t mind disabling SIP: http://stackoverflow.com/questions/32932961/osx-10-11-el-capitan-setting-boot-device-property-not-working (makes
blesswork again). For what it’s worth…
@Louis-CSUSA please understand, Apple uses a method of pxe booting called bootp. This is not pxe nor is really compatible. You can specify an efi option in dhcp but realize, that even if you get it to work, changes in osx firmware will most likely break this at a later time. Again the most reliable way to start and consistently get this to work is using a USB drive to start.
If you can’t get fog to boot from a USB and the correct efi file(also understand the ipxe.efi file in fog is not compatible with osx) getting a true pxe boot solution to work is going to be frustrating.
Try the Mac Boot app again under el Capitan and select create media and use the USB option.
If this does not get you further a rebuild of a custom efi module is going to have to be done. I can help with this!! I am currently booting 2016 iMac Mac pro and macbook air from my USB created in mac boot
Try that and let me know how it goes