Pxe uefi boot linux

Griffon’s IT Library

Simple IT Library for the rest of us

Ubuntu – Ultimate PXE Server Setup – BIOS & UEFI Support

In our previous posts (see here, here and here) about PXE technology and how to deploy Ubuntu machines through the network, we have seen that since the introduction of UEFI technology and Secure Boot, the process has changed a little bit and there is a need to combine technologies in order to be able to deploy the Ubuntu operating system. It seems that the standard and well-accepted approach is to combine pxelinux technology for BIOS-based systems and to use the grub boot loader for UEFI-based systems.

Technically, it’s possible to use only the PXELinux solution to deploy operating systems to BIOS or UEFI based systems. However, some significant limitations exist. These limitations are:

  • pxelinux cannot be used against UEFI systems when Secure Boot option is enabled (the bootloader is not signed for UEFI secure boot support!!)
  • pxelinux on UEFI systems has slow performance issues (related to tftp block size and this seems not to be fixed yet…)

On the other hand, it also seems possible to get rid of pxelinux completely and replace it with grub. The grub solution can be used to deploy operating systems on BIOS and UEFI based systems. The advantage of grub is that all the necessary files have been signed and can be used when the Secure Boot option is enabled. In some future posts (maybe), just for the challenge, we might provide guidance on how to set up a PXE server using only PXELinux and/or using only grub.

In this post (or series of posts), we will again provide a kind of step by step guide to set up a PXE server that can serve BIOS and UEFI based systems at the same time. It should be quite straightforward, as most of the aspects have already been discussed in previous posts.

Overview

This guide will explain how to configure your dhcp/pxe/tftp server infrastructure to support network installation of BIOS and UEFI-based systems. This guide will mix PXELinux and grub technology. This combination seems to be the one that provides the best results when there is a need to deploy operating systems on UEFI or BIOS based systems. Because the grub files are signed, this setup will also support UEFI systems with the Secure Boot option enabled.

The pxelinux bootloader will be used when BIOS-based systems need to be installed. The grub bootloader will be used when UEFI systems need to be deployed. The bootloader is selected automatically when the client boots: the boot process will include packet information that tells the PXE server which bootloader to use.

To deploy the Ubuntu operating system through the network, the necessary infrastructure and server services need to be present on the network. DHCP, DNS, TFTP, Web and File services are needed in order to build up the PXE infrastructure.

Assumptions

The following assumptions have been made in order to have this scenario working

  • The Hyper-V platform is used to emulate UEFI-based virtual machines
  • VM Generation 2 will be used in order to have UEFI with the Secure Boot option enabled (detailed instructions can be found here)
  • You have internet connection in order to download additional necessary packages
  • You have Ubuntu 18.04 Server ISO or installation files
  • You have Ubuntu 18.04 Desktop ISO or installation files

Step by Step Guide

Step 0 – Install Ubuntu 18.04.2 Server Edition

In this post, we will be using Ubuntu 18.04.2 Server as the PXE server. Ubuntu 18.04.2 has been selected because this is a Long Term Support (LTS) release. This post will not explain how to install an Ubuntu server. When your installation is completed, move to the next step.

Step 1 – Set a Static IP address on your Ubuntu Server

Ubuntu Server has no Desktop interface available by default. We will need to perform most of the actions through command lines. No fear, you will see it’s quite easy actually. To set a static ip address on your Ubuntu Server, you will need to edit the following file /etc/netplan/50-cloud-init.yaml.

To edit this file, issue the following command

Replace the content of the file with the following one (you might need to update the information based on your infrastructure)

In order to apply the changes, we need to execute this command as well

Finally, check that the ip address has been set correctly by issuing the following command

Step 2 – Build up your PXE Server

In this post, we assume that the Ubuntu Server will be hosting all the necessary services needed to implement a proper PXE Infrastructure. To setup a pxe infra, we need to install the following packages

  • dnsmasq (providing DHCP,DNS and TFTP services),
  • apache web for storage purposes and
  • NFS packages if you are planning to deploy Ubuntu Desktop through your PXE infrastructure.

Step 2.1 – Install apache web server

To install the apache package, you will issue the following command

Step 2.2 – Install NFS packages

NFS packages will provide file services capabilities. To install the nfs packages, execute the following commands

Step 2.3 – Install dnsmasq packages

To install the dnsmasq package, you will issue the following command

Step 3 – Create the TFTP Folder Structure

We will create a folder called tftp at the root of the filesystem (/tftp). Within this folder, the following structure will be created

To create this structure, you will need to execute the following commands

Step 4 – Upload source files on your PXE Server

Because you are using the Apache web server, we will be copying all source files under the /var/www/html directory. We will copy the contents of the Ubuntu 18.04 Desktop and Ubuntu Server iso files to this location. We will create the following structure first

You can obviously add other version of Ubuntu files and your structure could look like the following

So, mount your iso file into your Ubuntu server. To mount it, issue the following command

Copy the files from the iso image into the correct directory. You can use the following syntax to perform the operation

When the copy is finished, unmount the iso/DVD image from your machine by issuing the following command

Repeat the operation for each set of operating system source files you want to copy to your PXE Server

Step 5 – Configuring your NFS Server Settings

Since our folder structure is ready, we can start configuring the different services that are used by the PXE server. To ensure that our directory structure is accessible through the network and through the nfs protocol, we will need to edit the following file by issuing the following command

Insert at the bottom of the file the path where you have stored your installation files, which subnet can access it and which access rights you want to grant. In our scenario, we want to grant access to the directory /var/www/html/bionic/desktop from the network subnet 192.168.1.0/24, and we are granting read-only access (ro). So, at the end of the file, we would add the following line

When this has been done, it’s time to restart the nfs service. To do that, you simply execute the following command

Step 6 – Configuring the dnsmasq services

Almost there ! Now, we need to configure the dnsmasq service which will provide the glue between the different services. dnsmasq configuration file will be used to provide the necessary information to the pxe client when it boots. This file will dictate where to look for pxe bootloader based on the client architecture (uefi or bios). So, let’s edit the /etc/dnsmasq.conf file and at the bottom add the following information

To edit the configuration file, issue the following command

Copy and update the following information at the bottom of the file

To have the change applied to your system, you will need to restart the dnsmasq service. To perform such task, you will execute the following command

Then, you should check that the dnsmasq is started correctly and that no errors are reported by issuing the command

Step 7 – Uploading all the necessary files in your TFTP folder Structure

We are almost ready ! Now, we need to get the necessary file placed in your tftp folder in order to have pxe capability.

Step 7.1 – populate bios folder

In the /tftp/bios folder, we will place the pxelinux files needed. To obtain the pxelinux files, you can download the files from the following url (https://mirrors.edge.kernel.org/pub/linux/utils/boot/syslinux/Testing/6.04/). Then, you can copy the following files from pxelinux sources files to /tftp/bios folder

You will also need to create a symbolic link to the /tftp/boot folder. You will need to issue the following command

We will also need to create the folder called pxelinux.cfg under the /tftp/bios folder. Inside this folder, we will create an empty file called default. This file controls the pxelinux behavior. We will populate it with the following code

You are ready to move to the next section

Step 7.2 – Populate boot folder

In this step, we need to place the correct bootloader in order for the installation process to start accordingly. Under the /tftp/boot folder, we will create 2 sub folders to make a distinction between the server and the desktop bootloader files. So the folder structure will look like the following

We will copy the necessary files from the /var/www/html location. Issue the following commands to copy the necessary files to the correct location

Step 7.3 – Populate grub folder

Finally, we need to populate the grub folder. This folder contains the files that are needed to boot UEFI systems. So, on your system, you will execute the following commands. The commands below will download the signed bootloader files and grub files needed by the PXE server and extract their contents into dedicated folders (shim and grub)

When this is done, we can simply copy the needed file into the tftp boot folder. So, execute the following commands. Change the path accordingly based on your settings…

Finally, we will copy two additional files from the source iso image. They will serve as a base for the next step. So, execute the following commands

Step 7.4 – Create/update the grub.cfg

We are almost done ! Now, we need to create also a boot menu and get the proper option available and working. The grub boot loader reads information from the grub.cfg file. If you have followed this step by step guide, the content of the grub.cfg file should look like this

Step 8 – Test your configuration

This is the fun part ! If everything is working as expected, when you boot your Bios client, you should see the pxelinux boot loader showing up. As you can see on the screenshot below, we have customized a little bit the look’n feel of the boot menu in order to match to the grub boot menu.

Doing the same for UEFI computers, you should see a boot menu similar to the following.

Final Notes

This is it for this post ! We have provided here a step by step guide in order to setup a PXE server on an Ubuntu Server. This installation guide provides a lot of information and could be used in a bunch of scenarios. Our implementation offers the following benefits

  1. can be used to deploy Ubuntu Server or Ubuntu Desktop
  2. can be used against BIOS system or UEFI Systems
  3. using the minimum necessary files needed to provide pxe boot functionalities
  4. provide framework to customize the boot menu so it might fit your corporate identity

We might not have finished our investigations around PXE, PXELinux and grub solutions. In a future post, we might want to provide some guidance on how to build a PXE server using only PXELinux files or using only grub files.

Ubuntu Wiki

PXE-IPv6

SecureBoot-compatible UEFI netboot over IPv4 and IPv6

UEFI/PXE-netboot-install describes a method for preparing a self-contained netboot image for use with UEFI-based systems. However, with the introduction of UEFI Secure Boot, it is not possible to boot self-built netboot images on all UEFI systems without either disabling Secure Boot on the target system, or updating the Secure Boot key configuration in the firmware and signing your netboot images. This page therefore describes an alternate method for netbooting Ubuntu using a pre-prepared UEFI grub image.

This method also has two additional key features:

  • it allows booting to a grub menu providing a selection of boot options
  • changes can be made to the boot configuration by dropping in stock Ubuntu netboot images and/or updating the grub.cfg, with no requirement to regenerate special grub images.

It is expected that future versions of MAAS will use the described method for hardware provisioning.

TFTP server configuration

Downloading the standard boot files

Setting up the basic tftp root requires copying into place three main files:

shim.efi.signed from the shim-signed package, installed as bootx64.efi under the tftp root

grubnetx64.efi.signed from the grub2 source package (and shipped in the grub-efi-amd64-signed binary package), installed as ‘grubx64.efi’ under the tftp root

unicode.pf2 from the grub-common package, installed as grub/fonts/unicode.pf2 under the tftp root.

The last of these files is optional, but makes it possible to provide the same high-quality graphical output for the grub menu when netbooting that you get when booting locally.

The uefi-netboot.sh script enables you to download and install all of these files securely from Ubuntu. Ubuntu 13.10 or later is needed to run this script; if your tftp server is deployed on an earlier version of Ubuntu or on a different OS, you will want to create an Ubuntu 13.10 chroot, run the script, and copy the result over to your server. Note that it does *not* verify the grubnetx64.efi.signed file at download time, but instead relies on the fact that the bootx64.efi from the shim package will fail to pass control to grubx64.efi if it is not a properly signed EFI binary. (This does mean that an attacker could intercept your network traffic and replace the real grubx64.efi with any other binary signed by a trusted key, such as a different OS. If this is a concern, you should download the grub-efi-amd64-signed binary package with apt-get and extract the grubnetx64.efi.signed binary instead of using the attached script.)
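The apt-based alternative recommended above (which also matches the download-and-extract step in Step 7.3 of the first guide), written out as an added example; it is not the wiki's uefi-netboot.sh nor code from either author. It assumes the package names given on this page, locates the binaries by file name inside the extracted packages, and takes the tftp root as an argument.

```bash
#!/bin/sh
# Added example, not the wiki's uefi-netboot.sh: fetch the signed boot files
# with apt (each .deb is checked against the archive's signed index), install
# them under the tftp root, then confirm the served copies are unmodified.
set -eu

fetch_and_extract() {            # $1 = empty work directory
    ( cd "$1" && apt-get download shim-signed grub-efi-amd64-signed grub-common )
    for deb in "$1"/*.deb; do
        dpkg-deb -x "$deb" "$1/root"
    done
}

# Locate one file by name inside the extracted packages. Searching by name is
# an assumption made here so the script does not depend on exact package paths.
find_one() { find "$1" -type f -name "$2" | head -n 1; }

install_bootfiles() {            # $1 = extracted root, $2 = tftp root
    local shim grub font
    shim=$(find_one "$1" 'shim*.efi.signed')
    grub=$(find_one "$1" 'grubnetx64.efi.signed')
    font=$(find_one "$1" 'unicode.pf2')
    if [ -z "$shim" ] || [ -z "$grub" ]; then
        echo "signed shim or grub image not found under $1" >&2
        return 1
    fi
    install -D -m 0644 "$shim" "$2/bootx64.efi"
    install -D -m 0644 "$grub" "$2/grubx64.efi"
    # The font is optional; it only improves the grub menu rendering.
    if [ -n "$font" ]; then
        install -D -m 0644 "$font" "$2/grub/fonts/unicode.pf2"
    fi
}

verify_tftp_root() {             # $1 = extracted root, $2 = tftp root
    local rc=0 pair src dst
    for pair in 'shim*.efi.signed:bootx64.efi' 'grubnetx64.efi.signed:grubx64.efi'; do
        src=$(find_one "$1" "${pair%%:*}")
        dst="$2/${pair##*:}"
        if [ -z "$src" ] || ! cmp -s "$src" "$dst"; then
            echo "MISMATCH: $dst differs from the packaged binary" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run as: sh netboot-files.sh --install /srv/tftp   (path is a placeholder)
if [ "${1:-}" = "--install" ]; then
    work=$(mktemp -d)
    fetch_and_extract "$work"
    install_bootfiles "$work/root" "$2"
    verify_tftp_root "$work/root" "$2"
fi
```

Keeping the extracted packages around lets `verify_tftp_root` be re-run later, for example from cron, to detect a bootloader that was swapped on the tftp server after installation.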

Configuring the Ubuntu payload

In addition to the stock bootloader files, you will need to copy your kernel and initramfs to the tftp root, and install a grub2 config file at grub/grub.cfg under the tftp root. The kernel and initramfs can be downloaded from archive.ubuntu.com; e.g.:

Here is a sample grub.cfg that offers a single boot entry, assuming that the netboot files have been installed in the precise subdirectory of the tftp root. You can specify as many menuentry sections as you wish.

DHCP server configuration

Once the tftp server has been configured, you will also need to configure your DHCP server to point at it. While it’s easy to set up your tftp server to point all machines at a single tftp resource for PXE booting, chances are you will want to configure your network so that it can boot both BIOS and UEFI systems. The below sample configurations can be used to direct machines of each type to the right tftp payload for booting.

Each of these samples assumes that you already have your dhcp server configured. If you need assistance in setting up your dhcp server, please consult the documentation for the respective packages.

DHCPv4 (dnsmasq)

DNSmasq functions as an all-in-one DHCP, DNS, and TFTP server. Setting up dnsmasq to serve BIOS and UEFI PXE clients is as simple as adding the following three lines to your /etc/dnsmasq.conf:
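One way to express the BIOS/UEFI bootloader selection described here and in Step 6 of the first guide, as an added example; these are not the wiki's own three lines or the blog's configuration. The function name, the drop-in file path and the boot file names pxelinux.0 and bootx64.efi are assumptions to adapt to your own tftp layout.

```bash
#!/bin/sh
# Added example: write a dnsmasq drop-in that sends BIOS clients to pxelinux
# and x86_64 UEFI clients (DHCP client architecture 7) to the signed shim,
# then syntax-check the result when dnsmasq is installed.

# Boot file names relative to the tftp root (assumed; override as needed).
BIOS_BOOTFILE=${BIOS_BOOTFILE:-pxelinux.0}
UEFI_BOOTFILE=${UEFI_BOOTFILE:-bootx64.efi}

write_pxe_dropin() {   # $1=output file $2=interface $3=dhcp-range value $4=tftp root
    if [ $# -ne 4 ]; then
        echo "usage: write_pxe_dropin FILE IFACE RANGE TFTP_ROOT" >&2
        return 2
    fi
    case "$4" in
        /*) ;;
        *)  echo "tftp root must be an absolute path: $4" >&2; return 2 ;;
    esac
    cat > "$1" <<EOF
# Serve DHCP and TFTP only on the provisioning interface.
interface=$2
bind-interfaces
dhcp-range=$3
enable-tftp
tftp-root=$4
# Default answer: BIOS clients get pxelinux.
dhcp-boot=$BIOS_BOOTFILE
# Tag x86_64 UEFI clients by their client-arch option and give them shim.
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-boot=tag:efi-x86_64,$UEFI_BOOTFILE
EOF
    # dnsmasq --test only parses the configuration; it does not start a server.
    if command -v dnsmasq >/dev/null 2>&1; then
        dnsmasq --test --conf-file="$1"
    fi
}

# Example call (values are placeholders for your own network):
#   write_pxe_dropin /etc/dnsmasq.d/pxe.conf eth0 \
#       192.168.1.100,192.168.1.200,12h /tftp
```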

DHCPv4 (isc-dhcp-server)

The configuration for isc-dhcp-server is slightly more involved than for dnsmasq. Assuming that your tftp server is on ip address 192.168.19.1, you can add the following lines to /etc/dhcp/dhcpd.conf:

Note that unlike dnsmasq, isc-dhcp-server does not include a built-in tftp server, so you will need to run one separately. It’s recommended that you use tftpd-hpa for this.

DHCPv6 (isc-dhcp-server)

If you wish to support netboot over IPv6, you will need to use isc-dhcp-server; at present, dnsmasq does not support the DHCPv6 extensions for tftp booting.

Configuring isc-dhcp-server for DHCPv6 requires running a separate server, even if you already have isc-dhcp-server running for DHCPv4. The DHCPv4 and DHCPv6 servers can run on the same machine, and the Ubuntu isc-dhcp-server supports this with separate isc-dhcp-server and isc-dhcp-server6 upstart jobs.

Note that whereas normally DHCPv6 is only used for supplemental information such as DNS servers, with addresses handled via autoconfiguration in response to router advertisements, when netbooting you must configure your DHCPv6 server to allocate addresses; UEFI firmware will generally not netboot without this.

To enable temporary address assignments and configure UEFI netbooting over IPv6, add lines like the following to /etc/dhcp/dhcpd6.conf. This example assumes a network of 2001:db8:f00f:cafe::/64 with your DHCP/DNS/tftp server using the address of 2001:db8:f00f:cafe::1; you should adjust to match your own IPv6 network configuration.

Once configured, you can start the DHCPv6 server with sudo service isc-dhcp-server6 start.

Note that prior to Ubuntu 13.10, the tftpd-hpa package is configured to listen on 0.0.0.0:69 by default, which causes it to bind to IPv4-only. To support IPv6 netboot you will need to change this in /etc/default/tftpd-hpa to read TFTP_ADDRESS=[::]:69.

Support for other architectures

The IETF maintains a list of known client architectures for DHCP/DHCPv6. You can extend your DHCP configuration to permit netbooting of other client architectures by matching on the corresponding DHCP option value instead of 00:07 (== x86_64 UEFI). For instance, x86_32 UEFI can be supported by matching on an architecture value of 00:06 ('6' if using dnsmasq), and ARMv8 can be supported by matching 00:0b ('11' using dnsmasq). For other architectures, you would not use shim for the payload, and instead boot to grub, or directly to a kernel that has an EFI boot stub.

UEFI/SecureBoot/PXE-IPv6 (last edited by user vorlon 2020-02-25 20:19:08)
