Serve different types of .efi boot files

dureal99d

@george1421 tcdump here of another machine Asus R503U

george1421

@dureal99d well on the first one I didn’t see any systems that transmitted their uuid in dhcp option 97. That sux a bit.

You might also want to learn about capture filters in wireshark. They are similar to the capture filters for tcpdump.

‘udp.port == 67 or udp.port == 68 or udp.port == 69 or udp.port == 4011’ this one is equiv to the tcpdump one we were using. Let me look at the ASUS computer.

dureal99d

@george1421 said in Serve different types of .efi boot files:

might also want to learn about capture filters in wireshark

for asus 00000011-0000-0000-0000-50465d986f3c / udp.port == 68

george1421

@dureal99d The asus one has something we can work with. That dhcp option 97 is ‘00000011-0000-0000-0000-50465d986f3c’

I can tell you if you boot this computer in bios mode (just for this test) you will probably see this listed on the initial pxe boot screen as GUID.

This number should also be visible in the /var/log/syslog or where ever dnsmasq is writing its log. In my testing the value from wireshark did not match up exactly with what was found in the dnsmasq log. You need the value that looks similar from the dnsmasq log. But with that information we can take the next step to create a match test.

george1421

@dureal99d said in Serve different types of .efi boot files:

@george1421 said in Serve different types of .efi boot files:

might also want to learn about capture filters in wireshark

for asus 00000011-0000-0000-0000-50465d986f3c / udp.port == 68

Bonus points for you!!

dureal99d

@george1421 said in Serve different types of .efi boot files:

You need the value that looks

ok

george1421

@dureal99d Which computer needs the special kernel the ASUS or Lenovo?

dureal99d

@george1421 they both like that intel1756.efi kernel

george1421

@dureal99d Like it enough to make that your default kernel and then the ones that don’t like it you make exceptions for? Use the 80/20 rule what do you have the most of on your campus and then make that your default kernel and the others be the exception.

dureal99d

@george1421 I have a lot of mixed clients, a good amount don’t mind the standard ipxe.efi. some are just a bit more diva like these 2

dureal99d

@george1421 this is what i see 00:11:00:00:00:00:00:00:00:00:00:50:46:5d...

dureal99d

@george1421 the entire readout

Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 available DHCP subnet: 192.168.1.109/255.255.255.0
Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 vendor class: PXEClient:Arch:00007:UNDI:003016
Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 PXE(enp8s0) 50:46:5d:98:6f:3c proxy
Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 tags: BC_UEFI, enp8s0
Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 next server: 192.168.1.109
Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 broadcast response
Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 sent size:  1 option: 53 message-type  2
Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 sent size:  4 option: 54 server-identifier  192.168.1.109
Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 sent size:  9 option: 60 vendor-class  50:58:45:43:6c:69:65:6e:74
Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 sent size: 17 option: 97 client-machine-id  00:11:00:00:00:00:00:00:00:00:00:50:46:5d...```

Tom Elliott

@dureal99d said in Serve different types of .efi boot files:

Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 vendor class: PXEClient:Arch:00007:UNDI:003016

That is what I see:

george1421

@dureal99d Ok that is a bit what I saw when I was working on the tutorial at home. There has to be an easier way, I just haven’t learned it yet.

But here is what I did, I mashed the two values together.

# From wireshark.
00000011-0000-0000-0000-50465d986f3c
# Translated into 2 nibble hex numbers
00:00:00:11:00:00:00:00:00:00:50:46:5d:98:6f:3c

# From dnsmasq log
00:11:00:00:00:00:00:00:00:00:00:50:46:5d...

#Side by side aligned
   00:00:00:11:00:00:00:00:00:00:50:46:5d:98:6f:3c
00:11:00:00:00:00:00:00:00:00:00:50:46:5d...

#Missing bits filled into the dnsmasq one
00:11:00:00:00:00:00:00:00:00:00:50:46:5d:98:6f:3c

End results to create the unique uuid for this asus computer. 00:11:00:00:00:00:00:00:00:00:00:50:46:5d:98:6f:3c

So now we need to make one of those magical dnsmasq filters that will identify this computer for us.

Edit (duh, I just realized that the 50:46:5d:98:6f:3c of that uuid is the mac address of that computer. That won’t do for us exactly. but we are close)

dureal99d

@george1421 I see

george1421

@dureal99d This one may be harder than with the Dell computers I’ve tested on. The uuid is actually made up of two parts the IAID which should indicate the model and DUID which should should be device specific. In this case the model identifier is ‘00:11:00:00:00:00:00:00:00’ We can filter on that, but it doesn’t look too unique.

george1421

@Tom-Elliott said in Serve different types of .efi boot files:

Oct 12 12:59:32 dureal99d-Precision-WorkStation-T5400 dnsmasq-dhcp[1280]: 3272245650 vendor class: PXEClient:Arch:00007:UNDI:003016

That is what I see:

Not ignoring you on this. The vendor class (option 60) doesn’t have anything that is unique to describe this machine. While the arch does tell you if it is a uefi or bios machine that is all that can be gleaned from that option. The UNDI part is only what version of UNDI the client supports. The Dell 6230 I had also had a undi value of 003 016 and that one used ipxe.efi or snp.efi for a uefi boot.

The UUID (option 97) is suppose to be unique on a model (first half of uuid) and device (second half of uuid). on a per machine basis. My hope is that we can use the uuid for this. The only other thing that is unique in the dhcp request is the mac address, but then you will need a match filter for every mac address you want a unique iPXE boot kernel for. That (IMO) is not very sustainable if you have more than about 20 devices on your campus.

dureal99d

@george1421 said in Serve different types of .efi boot files:

The

I don’t mind adding mac addresses. I tried to use the uuid number you generated and perhaps I did it wrong. but here is my file now.

# Don't function as a DNS server:
port=0

# Log lots of extra information about DHCP transactions.
log-dhcp

# Set the root directory for files available via FTP.
tftp-root=/tftpboot

# Disable re-use of the DHCP servername and filename fields as extra
# option space. That's to avoid confusing some old or broken DHCP clients.
dhcp-no-override

# inspect the vendor class string and match the text to set the tag
dhcp-vendorclass=BIOS,PXEClient:Arch:00000
dhcp-vendorclass=IA32_UEFI,PXEClient:Arch:00006
dhcp-vendorclass=BC_UEFI,PXEClient:Arch:00007
dhcp-vendorclass=X86-64_EFI,PXEClient:Arch:00009

#UUID for a asus r503u I tested (this info was gleaned from the dnsmasq log file that recorded
# a pxe boot session of this target computer
dhcp-match=set:r503u,97,00:11:00:00:00:00:00:00:00:00:00:50:46:5d:98:6f:3c

# The default boot filename, Server name, Server Ip Address
dhcp-boot=undionly.kpxe,,192.168.1.109

# Set the boot file name based on the matching tag from the vendor class (above)
dhcp-boot=net:IA32_UEFI,i386-efi/ipxe.efi,,192.168.1.109
dhcp-boot=net:BC_UEFI,ipxe.efi,,192.168.1.109
dhcp-boot=net:X86-64_EFI,ipxe.efi,,192.168.1.109

# Our test to ensure both the BC_UEFI and r503u tags are set. 
dhcp-boot=tag:BC_UEFI,tag:r503u,intel7156.efi,192.168.1.109,192.168.1.109

# PXE menu.  The first part is the text displayed to the user.  The second is the timeout, in seconds.
pxe-prompt="Booting FOG Client", 3

# The known types are x86PC, PC98, IA64_EFI, Alpha, Arc_x86,
# Intel_Lean_Client, IA32_EFI, ARM_EFI, BC_EFI, Xscale_EFI and X86-64_EFI
# This option is first and will be the default if there is no input from the user.

# PXEClient:Arch:00000
pxe-service=X86PC, "Boot BIOS PXE", undionly.kpxe

# PXEClient:Arch:00007
pxe-service=BC_EFI, "Boot UEFI PXE-BC", ipxe.efi

# PXEClient:Arch:00009
pxe-service=X86-64_EFI, "Boot UEFI PXE-64", ipxe.efi

dhcp-range=192.168.1.109,proxy```

Wayne Workman

@george1421 said in Serve different types of .efi boot files:

The UUID (option 97) is suppose to be unique on a model (first half of uuid) and device (second half of uuid). on a per machine basis. My hope is that we can use the uuid for this.

Well that would be amazing. We should work on using that for ISC-DHCP too.

george1421

@Wayne-Workman said in Serve different types of .efi boot files:

Well that would be amazing. We should work on using that for ISC-DHCP too.

It would be wonderful if all hardware manufacturers did this too. But as with the Lenovo the OP has, its all zeros. As long as that is model unique then we can work with it, but I suspect all lenovos have that set to zero.

From what I understand isc-dhcp can do this too like dnsmasq make run time decisions based on what client advertises. I just haven’t dug into the isc-dhcp settings as of now to say for absolute.