[ipxe-devel] [iPXE, HTTPS, ROM size]

Michael Brown mbrown at fensystems.co.uk
Sun Feb 12 12:49:54 UTC 2012

On Thursday 09 Feb 2012 09:05:43 Slawomir Latkowski wrote:
> I have managed to swap the original INTEL PXE ROM on the mainboard
> bios with iPXE ROM and it works absolutely fine. The only one problem
> is when I try to add HTTPS protocol. It doesn't activate the ROM when
> it's more than 64KB in size. I don't know if it is a BIOS
> bug/limitation or compile error.
> make bin/11063106.rom
> Could you tell me how to make a rom file less than 64KB with HTTPS
> support? I was trying to #undef some not needed features but still,
> remains the same size with #define https. Is there any known solution
> for this issue?

It's quite plausible that your BIOS has a 64kB limitation on PXE ROM size.  
Unfortunately, the crypto code for https is several kB in size.  Your only 
option is to disable other features (e.g. multiboot support, comboot support, 
iSCSI support) until the resulting size is small enough.

If you're using an old version of gcc then try upgrading to a more recent one; 
this can make a significant difference to the compiled binary size.

For a plug-in NIC, you can often use a ROM much larger than 64kB, particularly 
if your NIC supports a .mrom image.  Unfortunately, this isn't possible when 
you're using an onboard NIC.


More information about the ipxe-devel mailing list