[ipxe-devel] Change cached DHCP responses possible using set?

Andreas Buschka a.buschka at tarent.de
Wed Feb 26 14:23:54 UTC 2014


Hello @all,

Currently, I am experiencing the following problem:

I use iPXE (EFI version compiled from git, got snponly.efi working again by using these patches: https://git.ipxe.org/vendor/xcat/ipxe.git/commitdiff/73d1ff05b058a2507fda0119825715fa2253d722 and https://git.ipxe.org/vendor/xcat/ipxe.git/commitdiff/f411dcea1ce12ddcdfafa3fa2a89566a16f86bce ) and I am trying to hand the EFI boot over to Windows’s bootmgfw.efi network boot program. The handover itself works just fine, however, there is a problem: bootmgfw.efi wants to validate its own digital signature, so it re-downloads the boot file that was given to the original EFI ROM PXE loader in the initial DHCP response (in my case: /ipxe/snponly.efi). Because this is not the file whose digital signature bootmgfw.efi wants to verify, the check fails and the booting is aborted (I suspect this is part of the Secure Boot thingy Microsoft has going on, but the UEFI that I tested that on does not even have a Secure Boot implementation...).

However, this problem does not only apply to bootmgfw.efi, but also to other files it wants to load via UNDI/SNP, like the .MUI file (the user interface, translated into the user’s language). 

To fix this problem, I need to be able to modify the cached DHCP response packet (in my scenario, there is no proxy DHCP server involved). In SYSLINUX, there is a module called pxechn.c32, which is able to do exactly that (see the description on http://www.syslinux.org/wiki/index.php/Pxechn.c32 for details). However, since this SYSLINUX module does not work on EFI, I cannot use it to solve my problem.

So, my question is: Is there a feature in iPXE (UEFI version) that would allow me to change parts of the cached DHCP response like “boot file name” so that bootmgfw.efi uses the correct file names?

Best regards,
Andreas




More information about the ipxe-devel mailing list