- A TFTP server
- An HTTP server (needs to support custom configuration, ideally nginx)
- The ability to configure custom DHCP options on your existing DHCP server.
- x64/snponly_x64.efi (Secure Boot signed iPXE from 2Pint Software)
- 2PXE/File/logo (PNG splash screen image)
- 2PXE/Boot (iPXE script containing boot configuration)
- wimboot.x86_64.efi (Secure Boot signed wimboot, can be stored in remote object storage)
- x64/snponly_usb_x64.efi (Secure Boot signed iPXE from 2Pint Software, designed to be booted via USB)
The TFTP server needs to be configured to serve x64/snponly_x64.efi.
It doesn’t need to be in the local subnet, but you can run into some issues if it isn’t.
It must only be accessible over a private network; it should not be exposed to or reachable from the internet.
Based on the URL provided in DHCP option 175, iPXE will request some files via HTTP.
It’ll first request:
GET /2PXE/File/logo
Then:
POST /2PXE/Boot
This POST request includes a lot of variables that allow for a dynamic response (see https://gist.github.com/iamacarpet/d37c17bcaf8767093a53265ed4d04b83#file-2pxe-ipxe-L237). However, we want to ignore those and just return a static boot menu file.
Ideally, we’d serve straight from Google Cloud Storage or similar, but it doesn’t allow POST requests without a specific data structure in the form parameters, so we’re best off using nginx. This can be remote, over the internet, if it’s easier to host that way, but you may need to use an IP address rather than a DNS domain, as it’s not clear if DNS is available here.
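```nginx
server {
    listen 8050 default_server;
    # Folder holding the files iPXE fetches over HTTP.
    root /srv/tftp;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    # nginx answers a POST to a static file with 405; serve the same URI as a 200 instead.
    error_page 405 =200 $uri;
    location /healthz {
        access_log off;
        keepalive_timeout 0;
        # default_type sets the Content-Type of the returned body without adding a second header.
        default_type text/plain;
        return 200 "OK";
    }
}
```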
Here, “/srv/tftp” is the folder containing the HTTP files referenced above.
Note the line `error_page 405 =200 $uri;`, which allows a POST for a static file.
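To confirm a server answers the two requests iPXE makes, this added example (not from the original guide) replays the GET and the POST and checks that the responses look like a PNG and an iPXE script (which always starts with `#!ipxe`). The function names, the placeholder form body and the local stub server, which stands in for a static file server with and without the `error_page` rewrite, are assumptions made for illustration.

```python
import http.server
import threading
import urllib.error
import urllib.request

PNG_MAGIC, IPXE_MAGIC = b"\x89PNG\r\n\x1a\n", b"#!ipxe"
# Constructed stand-ins for the files under /srv/tftp (not real boot content).
FILES = {"/2PXE/File/logo": PNG_MAGIC + b"stub", "/2PXE/Boot": IPXE_MAGIC + b"\necho stub\n"}
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars

def fetch(url, data=None):  # data=None sends GET, bytes sends POST; returns (status, body)
    try:
        with OPENER.open(urllib.request.Request(url, data=data), timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def check_boot_endpoints(base_url):
    """Replay iPXE's two requests; return a list of problems (empty means OK)."""
    problems = []
    for method, path, data, magic in (("GET", "/2PXE/File/logo", None, PNG_MAGIC),
                                      ("POST", "/2PXE/Boot", b"placeholder=1", IPXE_MAGIC)):
        status, body = fetch(base_url.rstrip("/") + path, data)  # POST body is a placeholder
        if status != 200 or not body.startswith(magic):
            problems.append(f"{method} {path}: HTTP {status}, signature ok: {body.startswith(magic)}")
    return problems

def stub_server(post_allowed):
    """Local stand-in; post_allowed=False mimics static serving without the 405 rewrite."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self, refuse=False):
            body = None if refuse else FILES.get(self.path)
            self.send_response(405 if refuse else 200 if body else 404)
            self.send_header("Content-Length", str(len(body or b"")))
            self.end_headers()
            self.wfile.write(body or b"")
        def do_POST(self):
            self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the form body
            self.do_GET(refuse=not post_allowed)
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/"

if __name__ == "__main__":
    for post_allowed in (True, False):
        server, url = stub_server(post_allowed)
        print("POST allowed:", post_allowed, "->", check_boot_endpoints(url) or "OK")
        server.shutdown()
```

Against a real deployment, pass the option 175 URL to `check_boot_endpoints`, e.g. `http://10.25.0.250:8050/`.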
- Option 66: TFTP Server IP, e.g. 10.25.0.250
- Option 67: x64/snponly_x64.efi
- Option 175 (custom, string): HTTP URL for additional files, e.g. http://10.25.0.250:8050/