[ipxe-devel] IPXE fails to verify images on EFI system

Ján ONDREJ (SAL) ondrejj at salstar.sk
Wed Jul 17 06:19:38 UTC 2019


On Tue, Jul 09, 2019 at 01:32:36PM +0100, Michael Brown wrote:
> On 21/06/2019 09:48, Ján ONDREJ (SAL) wrote:
> >    I am trying to make boot.salstar.sk working on an EFI system. After some
> > troubles with disabling secure boot or allowing my ipxe.efi image, it's
> > now booting, but my scripts are unable to validate ipxe script files.
> > 
> >    Error message is:
> > 
> > Could not start download: Invalid argument (http://ipxe.org/1c25e082)
> > 
> > Using an "chain http://..." command works well, but without signature
> > checking.
> > 
> > Is this a bug of ipxe or is it a "feature" of EFI booting?
> As per the error page, it indicates a failure to obtain a usable entropy
> source.  Try building with DEBUG=efi_entropy,entropy,drbg

Thanks for your reply. Here is an error message:

iPXE initialising devices...DRBG 0x73d9c020 instantiate
ENTROPY has RNG protocol
DRBG 0x73d9c020 could not get entropy input: Error 0x4226e195 (http://ipxe.org/4226e195)

Is it possible to fix this? Can I somehow at least fallback to less secure
mode without good entropy?

						Jan ONDREJ

More information about the ipxe-devel mailing list