I later discovered that iPXE also needs to be signed for SB to function, which I assume is part of the problem. Bootable USB's with our images will continue to work, but booting the same images over iPXE tells us that the images aren't validated. SB only works when UEFI is enabled and Legacy options are disabled (Compatibility Support Module) and enabling Secure Boot. When enabling Secure Boot (SB), the same custom images work (strangely even when removing the keys from the firmware). This works on 90% of our systems (some lack hardware support for anything but Windows). ![]() We generate a vmlinuz and initrd file through our pipeline and push them directly to our iPXE server. These bootable images are created using cpio and dracut. We are trying to boot custom images based on the latest Fedora 34 kernels. All I could find on the official iPXE site was about this eToken. Why? Because I can barely find anything online about how to use iPXE in conjunction with SB. I'm keeping the title short: "Secure Boot".
0 Comments
Leave a Reply. |