@noslin005
Created April 4, 2025 03:00

Firewall

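# INTERNAL ZONE
# Make "internal" the default zone, bind the bonded uplink to it and open the
# provisioning services (DHCP, TFTP, HTTP/S, DNS, NFS and its RPC helpers) to
# every host that can reach bond0.
# --set-default-zone takes effect immediately, but the two --permanent calls
# only touch the saved configuration: without the trailing --reload the
# interface binding and the services are not active in the running firewall.
firewall-cmd --set-default-zone=internal
firewall-cmd --zone=internal --add-interface=bond0 --permanent
firewall-cmd --zone=internal --add-service={dhcp,tftp,http,https,dns,nfs,mountd,rpc-bind} --permanent
firewall-cmd --reload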

DHCP

# ISC DHCP server. The unit file is copied under /etc/systemd/system so that
# local edits to it shadow the vendor unit and survive package updates.
dnf -y install dhcp-server
cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/dhcpd.service
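# FILE: /etc/dhcp/dhcpd.conf
# ISC dhcpd configuration for a PXE/iPXE provisioning LAN. The host at
# 192.168.1.6 acts as DNS, TFTP (next-server) and HTTP (iPXE bootstrap) at once.
ignore client-updates;
authoritative;
allow booting;
allow bootp;
# Any MAC address on the segment gets a lease and a boot file.
allow unknown-clients;
ddns-update-style interim;
default-lease-time 600;
max-lease-time 7200;

# UEFI PXE SETTINGS
# These settings are required for UEFI boot:
option space PXE;
option PXE.mtftp-ip    code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;

# LEGACY BIOS SETTINGS
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;

# iPXE
include "/etc/dhcp/ipxe-option-space.conf";
# http://www.ietf.org/assignments/dhcpv6-parameters/dhcpv6-parameters.txt
# Option 93 is the client system architecture (RFC 4578); the branches below
# compare it as raw bytes.
option arch code 93 = unsigned integer 16;

# DHCP POOL
# NOTE(review): 192.168.1.0 is not the network address for netmask
# 255.255.248.0 (a /21 starting here would be 192.168.0.0), and dhcpd is
# expected to reject the pair at startup -- confirm whether /24 or /21 was meant.
subnet 192.168.1.0 netmask 255.255.248.0 {
    range 192.168.1.100 192.168.1.254;
    option routers 192.168.1.1;
    # DNS
    option domain-name "home.lab";
    option domain-name-servers 192.168.1.6;
    next-server 192.168.1.6;
    # Choose the boot file from what the client announces: an iPXE client is
    # handed the HTTP bootstrap script, firmware PXE clients get the TFTP
    # loader matching their architecture. Braces re-indented only; logic unchanged.
    if exists user-class and option user-class = "iPXE" {
        filename "http://192.168.1.6/ipxe/bootstrap.ipxe";
    # ARM64 iPXE-specific options
    } elsif option arch = 00:0b {
        filename "ipxe/arm64.efi";
    # AMD64 EFI
    } elsif option arch = 00:09 {
        filename "uefi/bootx64.efi";
    } elsif option arch = 00:07 {
        filename "uefi/bootx64.efi";
    # NOTE(review): 00:06 is EFI IA32 in RFC 4578; a 64-bit bootx64.efi is not
    # expected to run on such a client -- drop the branch or serve a 32-bit loader.
    } elsif option arch = 00:06 {
        filename "uefi/bootx64.efi";
    # Legacy BIOS
    } elsif option arch = 00:00 {
        filename "bios/pxelinux.0";
    }
}

include "/etc/dhcp/static.conf";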
# FILE: /etc/dhcp/ipxe-option-space.conf
# https://www.ipxe.org/howto/dhcpd
# Declare the iPXE/gPXE/Etherboot option space
# Everything below except the last line only declares option names and types;
# no value reaches a client unless it is set somewhere (as no-pxedhcp is).
option space ipxe;
option ipxe-encap-opts code 175 = encapsulate ipxe;

# iPXE options, can be set in DHCP response packet
option ipxe.priority         code   1 = signed integer 8;
option ipxe.keep-san         code   8 = unsigned integer 8;
option ipxe.skip-san-boot    code   9 = unsigned integer 8;
option ipxe.syslogs          code  85 = string;
option ipxe.cert             code  91 = string;
option ipxe.privkey          code  92 = string;
option ipxe.crosscert        code  93 = string;
option ipxe.no-pxedhcp       code 176 = unsigned integer 8;
option ipxe.bus-id           code 177 = string;
option ipxe.san-filename     code 188 = string;
option ipxe.bios-drive       code 189 = unsigned integer 8;
# NOTE(review): the username/password pairs below would travel in cleartext
# DHCP replies if they were ever given a value; nothing in this file sets them.
option ipxe.username         code 190 = string;
option ipxe.password         code 191 = string;
option ipxe.reverse-username code 192 = string;
option ipxe.reverse-password code 193 = string;
option ipxe.version          code 235 = string;
option iscsi-initiator-iqn   code 203 = string;

# iPXE feature flags, set in DHCP request packet
# (advertised by the client; usable in dhcpd conditionals)
option ipxe.pxeext    code 16 = unsigned integer 8;
option ipxe.iscsi     code 17 = unsigned integer 8;
option ipxe.aoe       code 18 = unsigned integer 8;
option ipxe.http      code 19 = unsigned integer 8;
option ipxe.https     code 20 = unsigned integer 8;
option ipxe.tftp      code 21 = unsigned integer 8;
option ipxe.ftp       code 22 = unsigned integer 8;
option ipxe.dns       code 23 = unsigned integer 8;
option ipxe.bzimage   code 24 = unsigned integer 8;
option ipxe.multiboot code 25 = unsigned integer 8;
option ipxe.slam      code 26 = unsigned integer 8;
option ipxe.srp       code 27 = unsigned integer 8;
option ipxe.nbi       code 32 = unsigned integer 8;
option ipxe.pxe       code 33 = unsigned integer 8;
option ipxe.elf       code 34 = unsigned integer 8;
option ipxe.comboot   code 35 = unsigned integer 8;
option ipxe.efi       code 36 = unsigned integer 8;
option ipxe.fcoe      code 37 = unsigned integer 8;
option ipxe.vlan      code 38 = unsigned integer 8;
option ipxe.menu      code 39 = unsigned integer 8;
option ipxe.sdi       code 40 = unsigned integer 8;
option ipxe.nfs       code 41 = unsigned integer 8;

# The one line that sets a value: tell iPXE clients not to wait for a ProxyDHCP
# answer -- presumably because dhcpd.conf already hands out the boot filename.
option ipxe.no-pxedhcp 1;

TFTP

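# Create a tftp user
# Unprivileged system account that in.tftpd drops to (-u tftp below). It gets
# no login shell because nothing should ever log in as it.
groupadd tftp
useradd -r -M -d /tftpboot -s /sbin/nologin -g tftp tftp
# useradd -M does not create the home directory, so build the boot tree first;
# otherwise the recursive chown has nothing to act on.
mkdir -p /tftpboot
chown tftp:tftp -Rv /tftpboot
# NOTE(review): in.tftpd is started with -p below, so it relies on OS
# permissions alone, and this chown makes the tftp account the owner of every
# boot file. If those files are owner-writable, an existing file can be
# overwritten by an unauthenticated TFTP write request from the LAN even
# without -c. The daemon only needs read access: consider leaving the tree
# root-owned and world-readable -- confirm against in.tftpd(8).

# Install tftp
dnf -y install tftp-server

# Override the default systemd service, copy from /usr/lib/systemd to /etc/systemd
cp /usr/lib/systemd/system/tftp.service /etc/systemd/system/tftp.service
cp /usr/lib/systemd/system/tftp.socket /etc/systemd/system/tftp.socket

# change the default tftp directory and add other parameters
#   -s /tftpboot  chroot into the boot tree so request paths cannot escape it
#   -u tftp       run as the account created above
#   -p            skip in.tftpd's extra world-readable/world-writable checks
#   -vvv          verbose logging of every request (handy for spotting unknown clients)
# The pattern is anchored on the full "ExecStart=" key instead of "ExecStar".
sed -i 's|^ExecStart=.*|ExecStart=/usr/sbin/in.tftpd -vvv -p -s /tftpboot -u tftp|g' /etc/systemd/system/tftp.service

# reload the unit file
systemctl daemon-reload

# Enable and start the service
systemctl enable --now tftp.service

# OPTIONAL (selinux)
# Set correct selinux context
# NOTE(review): tftpdir_rw_t also lets the daemon write under /tftpboot;
# tftpdir_t is the read-only label and is sufficient for serving boot files.
semanage fcontext -a -t tftpdir_rw_t "/tftpboot(/.*)?"
restorecon -Rv /tftpboot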

BIOS

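# Take the PXELINUX boot files out of the syslinux-tftpboot RPM without
# installing it. The target tree is created first: mv into a directory that
# does not exist yet fails (or renames a single item to "bios").
mkdir -p /tftpboot/bios/pxelinux.cfg
dnf download syslinux-tftpboot
# The file name carries the version dnf fetched; keep it in step with the download.
pkg=syslinux-tftpboot-6.04-0.20.el9.noarch.rpm
# rpm2cpio performs no signature check, so verify the package before unpacking;
# rpm -K exits non-zero when the digest/signature does not verify and the
# && then skips the extraction.
rpm -K "$pkg" && rpm2cpio "$pkg" | cpio -dimv
mv -v ./tftpboot/* /tftpboot/bios/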

pxelinux.cfg/default

# Menu for legacy-BIOS PXE clients, which dhcpd points at bios/pxelinux.0;
# pxelinux looks for pxelinux.cfg/default relative to its own directory.
default vesamenu.c32

# Show the boot: prompt; timeout is in tenths of a second (600 = 60 s) before
# the default entry runs.
prompt 1
timeout 600

# NOTE(review): boot.msg is not created anywhere in this gist -- confirm it
# exists under /tftpboot/bios or drop this line.
display boot.msg

# Only entry so far: hand control back to the local disk (0xffff is -1, which
# asks the BIOS to move on to the next boot device).
label local
    menu label Boot from ^local drive
    localboot 0xffff

UEFI

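# grub-efi
# Unpack the signed GRUB image and fonts from the RPM without installing it.
# The target directory must exist before cp; the original created it nowhere.
mkdir -p /tftpboot/uefi
dnf download grub2-efi-x64
# File names carry the version dnf fetched; keep them in step with the download.
pkg=grub2-efi-x64-2.06-61.el9_2.1.rocky.0.2.x86_64.rpm
# rpm2cpio does no signature check, so verify first; rpm -K exits non-zero on
# a bad digest/signature and the && then skips the extraction.
rpm -K "$pkg" && rpm2cpio "$pkg" | cpio -dimv
cp -v ./boot/efi/EFI/rocky/grubx64.efi /tftpboot/uefi/
cp -rv ./boot/grub2/fonts /tftpboot/uefi/

# shim
# shim is what dhcpd hands out as uefi/bootx64.efi; it then loads grubx64.efi
# from the same directory, so both must land in /tftpboot/uefi.
dnf download shim-x64
pkg=shim-x64-15.6-1.el9.rocky.0.2.x86_64.rpm
rpm -K "$pkg" && rpm2cpio "$pkg" | cpio -dimv
cp -v ./boot/efi/EFI/BOOT/BOOTX64.EFI /tftpboot/uefi/bootx64.efi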

grub.cfg

# vi: ft=cfg
# Switch to the graphical terminal only when the unicode font can be loaded;
# the block is skipped otherwise and grub keeps its current console.
if loadfont unicode ; then
  set gfxmode=1024x768,800x600,auto
  set gfxpayload=800x600,1024x768
  terminal_output gfxterm
fi

# Load the video back-ends in order: the EFI GOP/UGA drivers, the two
# emulator-style adapters (bochs/cirrus) and finally the catch-all all_video.
function load_video {
  for mod in efi_gop efi_uga video_bochs video_cirrus all_video; do
    insmod $mod
  done
}
 
# Load the kernel loaders, the EFI network/TFTP stack, gzip support and the
# partition/filesystem modules, in the same order as before.
function load_drivers {
  for mod in linuxefi linux net efinet tftp gzio part_gpt ext2; do
    insmod $mod
  done
}
 
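# Load video and network/filesystem modules, then show the menu for 15 s and
# fall through to entry 0 (the iPXE chainload) unless a key is pressed.
load_video
set gfxpayload=keep
load_drivers
set timeout=15
set timeout_style=menu
set hidden_timeout_quiet=false
set default=0

# Hand over to iPXE, presumably fetched from the same TFTP root this grub came from.
# NOTE(review): this grubx64.efi is launched by shim; with Secure Boot
# enforced, an iPXE image not signed with a key shim trusts is expected to be
# refused here -- confirm on a Secure Boot client.
menuentry 'iPXE Menu - Daisychain' {
  chainloader /ipxe/x86_64.efi
}

# Other options will be added
# All utility entries now carry --id; the original passed 'uefi-firmware' as an
# unused positional argument instead.
menuentry 'uEFI firmware setup' --id uefi-firmware {
  echo 'Entering uEFI firmware setup...'
  insmod efifwsetup
  fwsetup
}

menuentry 'Reboot' --id reboot {
  echo 'System rebooting...'
  reboot
}

menuentry 'Shutdown' --id shutdown {
  echo 'System shutting down...'
  halt
}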