@SaturTP said in Client hangs at EFI stub::
@rodluz @sgilbe Hi, I just found a workarround.
Disabling Virtualization, VTx and VTd makes it boot with every kernel at least in my case.
I can confirm just disabling VT the kernel boots 
, thank you @SaturTP
@george1421 oh, sure, I know the purpose of dbx.esl file, and sure … I guess it’s optional because usually you won’t need/want to include any certificate in your custom dbx.esl so you’re not even generating it … But if you’re not generating it … I don’t see necessary to explicitly include that mv in the guide, at least … I’d write explicitly that step is optional and it depends on you have generated the dbx.esl 
But again … it’s up to you
@george1421 well, after some tests … The problem is apparently I have to sign also the refind_x64.efi binary, not sure if refind.efi is actually loading refind_x64.efi … but I’d suggest also to include this point in your tutorial. In fact I’m guessing you should also sign refind_ia32.efi and refind_aa64.efi as your whole environment could include also another archs.
Not sure if you’ll edit your tutorial with my suggestions … but I’ll write a little document for myself 
also … I think the signing process (with sbsign) may be automated in a bash script with a for loop, but your tutorial is still very valuable and helpful. This would be just a minor improvement. However … I think I’m going to write some script to try to automate the whole process, I could send it to you if you are interested in 
Thank you again @george1421 and I hope you find also useful my suggestions
Hi @george1421! Thank you for your answer
Well, I think the very same, so not sure if I should repeat the whole process (including FOG initial deployment/install), but sure, this wouldn’t seem a SecureBoot problem if it weren’t because of this setting in the firmware
I can see your firmware hasn’t that Secure Boot submenu, so … not sure how this could be interfering … but I’m having this issue when I set this in Deployed Mode. However, Audit Mode works as I expect, and … according to the description in my screenshot I’d say the proper value for production is Deployed Mode, and this should work in a very similar way Audit Mode does.
So not sure if this has something to do with some kind of network misconfiguration.
The most important fixes I’d suggest to your tutorial are the following, btw:
mv dbx.esl dbx-fog.esl as you are not generating any dbx.esl, you cannot even run that command successfully as dbx.esl file doesn’t exist chain tftp:/${fog-ip}/EnrollKeys.efi for fog.keyenroll should actually be chain tftp://${fog-ip}/EnrollKeys.efiAside this … the tutorial is so helpful so … congratulations @george1421 and thank you a lot for your answer again.
Hi everyone,
I’ve been trying to follow this awesome tutorial (thank you to @george1421, btw ) because it looks promising, and I’ve got my setup partially working as I’m able to boot iPXE and refind, I’m even able to take an image of my added host, I’m able even to boot Windows from the firmware boot menu… However… the default entry in refind (“Boot from hard disk”) is not working, not sure what’s actually running this entry, … but it’s not able to boot the actual hard disk. In fact it has a weird behavior … because apparently that entry is trying to load refind, but you can see in this video it’s not able to fetch refind.conf.
Anyway … I’m a little bit confused … because if I press s to get into de iPXE shell, and run manually
imgfetch http://<my-fog-ip>/fog/service/ipxe/refind.conf
chain -ar http://<my-fog-ip>/fog/service/ipxe/refind_x64.efi
It seems to work… but I have again the very same menu. So … some idea about what could be happening or how may I debug this behavior?
Thank you very much!
PS: I’d suggest some minor fixes for @george1421 tutorial, but it’s a closed topic … so not sure if those might be fixed
Well, first of all … I’m sorry for getting up this old post.
Secondly … I’ve been reading some posts on this forum … and I’ve found this one which I think it’s very interesting to be linked in here (not sure if you’ve linked it yet, but I’d say I can’t see the link anywhere).
After researching a little bit more about this topic … I’ve found this project … which not sure if it could be interesting also. What do you think? Could this make easier the process described in @george1421’s tutorial?
Thank you guys, and so sorry again because I’ve created a new topic instead replying in here 
maybe some mod can remove it
I’m having the very same problem but with automatic registration processes (quick and full) from the FOG’s grub menu.
I’d say the problem is actually the ‘/var/lock’ folder as it makes no sense to me that ‘touch’ cannot create a file, so I’m guessing it’s the actual path what doesn’t exist. But where? … the path exists in the FOG server so … not sure where should this path be created … 
I’d appreciate some help from FOG devs