Secure Boot Network Installation
1. Preboot Execution Environment (PXE)
We have to start with the standard PXE setup that is used for decades for disk-less client bootstrapping. The client requests an IP address and gets it together with the information where to find a boot file that can be loaded via TFTP. In our case the network connection is done via the EFI stack and the file the system is loading is an EFI application.
2. Copy relevant files to the right places
The relevant files that we need can simply be copied from the ISO image. First we need the the bootx64.efi
file that is the shim that has an official digital signature from Microsoft. This file gets validated during Secure Boot and allows us to load and validate the grub.efi
file that was signed with the “openSUSE Secure Boot CA”. Grub will then load its config file and offers the same menu we know from the ISO image.
The following steps are the same for openSUSE and SUSE Linux Enterprise:
#> mount -o loop openSUSE-Leap-15.0-DVD-x86_64.iso /mnt #> cp /mnt/EFI/BOOT/{bootx64.efi,grub.efi,grub.cfg} /srv/tftpboot/ #> cp -r /mnt/boot /srv/tftpboot/
To run a full network installation we also need to provide the ISO image content. A simple way to do this is via HTTP. Just create an installation sub-directory with the full content of the ISO image. Best practice is to mount the ISO image inside the web server environment.
The 'Installation'
menu-entry inside the grub.cfg
file can then be extended with the netsetup=
and install=
parameters. Simply extend the linuxefi
line with the following string:
netsetup=dhcp,all install=http://192.168.7.1/install/opensuse/leap150/
We can also customize the boot menu theme by editing the boot/x86_64/grub2-efi/themes/openSUSE/theme.txt
file. In this example we will edit the theme title that is shown during boot.
title-text: "openSUSE Leap 15.0 (UEFI Network Installation)"
3. Showtime
You need to enable UEFI IPv4 Boot and Secure Boot inside the BIOS of your system. Then it should look similar to this KVM Secure Boot screen cast.
Have a lot of fun! 😉
Related Articles
Dec 09th, 2024
SUSE Receives 37 Badges in the Fall G2 Report
Sep 03rd, 2024
No comments yet