PXE booting different OS's with UEFI

I have DHCP, TFTP and WWW services set up to run PXE boots and use it for all my Fedora builds and VMs. Works great. I am now trying to set up PXE boot for Kali Linux, and want to be able to boot a new "live" VM or PXE boot my laptop with the live image. I have Fedora Live working, but I am getting an error when trying to PXE boot Kali Linux. The error is "bad shim signature" and "you need to load the kernel first". I am not sure where I am going wrong.

This works for Fedora:
Code:
menuentry 'Start Fedora-Workstation-Live 38' --class fedora --class gnu-linux --class gnu --class os {
        linux /linux-install/F38svr/vmlinuz root=live:http://www.bpk2.com/F38wks/LiveOS/squashfs.img boot=live rd.live.image quiet rd.luks=0 rd.md=0 rd.dm=0 ip=dhcp
        initrd /linux-install/F38svr/initrd.img
}
This is throwing the error for Kali:
Code:
menuentry "Kali Linux Live" --hotkey=l {
        #linuxefi /linux-install/Kali/vmlinuz-6.1.0-kali9-amd64 boot=live components quiet splash noeject findiso=${iso_path}
        linuxefi /linux-install/Kali/vmlinuz-6.1.0-kali9-amd64
        initrdefi /linux-install/Kali/initrd.img-6.1.0-kali9-amd64 root=http://www.bpk2.com/Kali/live/filesystem.squashfs boot=live components quiet splash noeject
}
I have noticed that the bootx64.efi for Fedora differs from the one for Kali, and I don't know if that is relevant. Are the UEFI signed pieces in those, or can I boot any OS from a working version of the file? What might I need to do to get Kali booting from my PXE env?
 
That seems to have gotten me further, as the OS started to load. Thanks for the tip. It wound up panicking because of a missing disk or partition. Since it's a live boot, it should be a virtual disk in memory. I may have to juggle the kernel options at boot to get things working from here.

Is there a way I can have secure boot turned on and be able to live boot another OS? What are the mechanics behind why it's not working, and what it takes to boot different OS's when secure boot is enabled?
 

malor

I'm not at all familiar with how PXE booting interacts with UEFI, but it looks like you're booting Fedora in MBR mode (no security), where you're trying to boot Kali in EFI mode, and failing the Secure Boot checks.

I'm pretty sure there's a version of bootx64.efi that had bugs in it, and its signature was revoked in most BIOSes. If you can find a newer version of that file and copy it in, Secure Boot might work fine.

Alternately, you might be able to boot Kali in MBR mode, like it seems you're booting Fedora.
 
The menu entries I have above are from the grub.cfg. Because of how I have things set up, the directory path is /export/tftp/linux-install/efi/. This is the path that serves TFTP requests for UEFI clients. BIOS clients call for "default" in /export/tftp/linux-install/pxelinux.cfg/. The menu entry for Fedora does work when my laptop is using secure boot and UEFI. I can boot the live image from the web mounted ISO.

When I tried the Kali instance, it booted and started to load, but it seems that the kernel params and whatever are borked and need to be put in the right place. I think Fedora and the like keep params on the "linux" line, while Debian and other distros put the params on the "initrd" line. Either way, initial load begins and fails, so I am moving in the right direction.
 

Gandalf007

I think Fedora and the like keep params on the "linux" line, while Debian and other distros put the params on the "initrd" line. Either way, initial load begins and fails, so I am moving in the right direction.
I don't think that is right... I've certainly never seen boot parameters on the initrd line. It's always on the kernel line ("linux" in grub2 parlance) or sometimes a separate line called something like "options" or "extra". Any parameters not recognized by the kernel are passed through to init.

Also, I believe the "linuxefi" and "initrdefi" commands are deprecated in recent versions of GRUB 2, where even EFI just uses linux/initrd. YMMV.

While checking a Fedora VM, I discovered that Fedora (and apparently RHEL 9, and maybe recent versions of 8) now use this Boot Loader Specification format that is basically systemd-boot compatible entry files, which get loaded into the GRUB menu at boot time via
Code:
insmod blscfg
blscfg
Then there are no more "normal" Linux boot entries in grub.cfg.
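
Added example, not code from anyone in this thread: a small Python lint for the point made in the last reply, that boot parameters belong on the kernel line. GRUB's `initrd` command takes a list of files, so anything after the first path is read as another file name instead of reaching the kernel. The sample config is constructed from the Kali entry posted above; the second entry only moves the same parameters verbatim and is not verified to boot Kali.

```python
import re
import shlex

# Constructed sample: the failing Kali entry from the thread, then the same
# parameters moved verbatim to the kernel line (not verified to boot Kali).
SAMPLE_CFG = r'''
menuentry "Kali Linux Live" --hotkey=l {
        linuxefi /linux-install/Kali/vmlinuz-6.1.0-kali9-amd64
        initrdefi /linux-install/Kali/initrd.img-6.1.0-kali9-amd64 root=http://www.bpk2.com/Kali/live/filesystem.squashfs boot=live components quiet splash noeject
}
menuentry "Kali Linux Live (moved)" {
        linux /linux-install/Kali/vmlinuz-6.1.0-kali9-amd64 root=http://www.bpk2.com/Kali/live/filesystem.squashfs boot=live components quiet splash noeject
        initrd /linux-install/Kali/initrd.img-6.1.0-kali9-amd64
}
'''

ENTRY_RE = re.compile(r'menuentry\s+(["\'])(.*?)\1[^{]*\{(.*?)\n\s*\}', re.S)


def lint_grub_cfg(text):
    """Return (entry title, message) findings for kernel/initrd line mistakes."""
    findings = []
    for _quote, title, body in ENTRY_RE.findall(text):
        kernel_cmd = None
        for raw in body.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # skip blanks and commented-out lines
            cmd, *args = shlex.split(line)
            if cmd in ("linux", "linuxefi"):
                kernel_cmd = cmd
                if len(args) < 2:
                    findings.append((title, f"{cmd}: no parameters after the kernel image"))
            elif cmd in ("initrd", "initrdefi"):
                if kernel_cmd is None:
                    findings.append((title, f"{cmd}: no kernel line before it"))
                # File arguments start with '/', a '(device)' prefix or a
                # $variable; anything else is a misplaced kernel parameter.
                stray = [a for a in args[1:] if not a.startswith(("/", "(", "$"))]
                if stray:
                    findings.append((title, f"{cmd}: non-file arguments {stray}"))
    return findings


if __name__ == "__main__":
    for title, message in lint_grub_cfg(SAMPLE_CFG):
        print(f"[{title}] {message}")
```
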