This article explores iPXE, an open source network boot firmware that I think BIOS developers should be aware of.[…]
Title contains all of the documentation. Bluntly, I’m not sure what this does, I’m not great at PXE and iPXE. Amongst other things, here’s an ipxe.efi, but no source code, so this is NOT open source, be careful. I have no time to dig further…
UEFI Setup for HTTP Boot of OS image installation
Currently leveraging IPXE chain loading.
Step by step guide for how to build your own PXE boot server supporting both legacy BIOS and EFI hardare
Build your own PXE boot server
This article is a step by step guide for building your own PXE boot infrastructure which can be used to boot both legacy BIOS and EFI based hardware from network. There are many articles on the Internet for building PXE boot infrastructure however I found most of them does not work for EFI based hardware. I use iPXE as the boot image and dnsmasq as DHCP & TFTP server and I found it’s dead simple to setup those two software.
Stevenyu1982 has started the Puppet-razor-custom project on Github.
Based on puppet razor, adding new features to support our environments. Features:
* Adding IPXE UEFI support
* Routing the IPXE UEFI and Legacy based on current BIOS setting
* Change the default BIOS boot order from Pxe and Change the UEFI to Legacy boot to support Oel6.5 installation
* ASU command intergation for changing the BIOS settings
* MegaCLI command intergraion for raid creation.
Samer El-Haj-Mahmoud of HP posted a message to the EFI development list, with an update on iPXE, supporting UEFI HTTP Boot:
It looks like iPXE has been updated to work with UEFI 2.5 HTTP Boot, and tested with OVMF. Their page also includes instructions for configuring the DHCP server to enable HTTP Boot, and building OVMF with HTTP_BOOT enabled. It would be interesting to see if iPXE EFI version will directly use EFI_HTTP_PROTOCOL or carry its own TCP/IP HTTP code.
Excerpt from iPXE site:
Version 2.5 of the UEFI specification introduces the UEFI HTTP Boot feature. You can use the basic UEFI HTTP Boot client to chainload iPXE from an HTTP server, eliminating the need for a separate TFTP server in your boot infrastructure. The simple UEFI HTTP Boot client will download and boot iPXE. You can then use any of iPXE’s more advanced features such as HTTPS, Digest authentication, POST requests, scripts, menus, customisable code signing etc. to download and boot your operating system. UEFI HTTP chainloading provides a way to load iPXE on systems which do not have iPXE present as part of the UEFI firmware. If your system already provides iPXE as part of the UEFI firmware, then you do not need to use UEFI HTTP chainloading.
The Embedded Linux Conference Europe (ELCE) is happening in October. There’s a set of UEFI talks happening at the event:
UEFI Forum Update and Open Source Community Benefits, Mark Doran
Learn about the recent UEFI Forum activities and the continued adoption of UEFI technology. To ensure greater transparency and participation from the open source community, the Forum has decided to allow for public review of all specification drafts. Find out more about this new offering and other benefits to being involved in firmware standards development by attending this session.
What Linux Developers Need to Know About Recent UEFI Spec Advances, Jeff Bobzin
Users of modern client and server systems are demanding strong security and enhanced reliability. Many large distros have asked for automated installation of a local secure boot profile. The UEFI Forum has responded with the new Audit Mode specified in the UEFI specification, v2.5, offering new capabilities, enhanced system integrity, OS recovery and firmware update processes. Attend this session to find out more about the current plans and testing schedules of the new sample code and features.
LUV Shack: An automated Linux kernel and UEFI firmware testing infrastructure, Matt Fleming
The Linux UEFI Validation (LUV) Project was created out of necessity. Prior to it, there was no way to validate the interaction of the Linux kernel and UEFI firmware at all stages of the boot process and all levels of the software stack. At Intel, the LUV project is used to check for regressions and bugs in both eh Linux kernel and EDK2-based firmware. They affectionately refer to this testing farm as the LUV shack. This talk will cover the LUV shack architecture and validation processes.
The Move from iPXE to Boot from HTTP, Dong Wei
iPXE relies on Legacy BIOS which is currently is deployed by most of the world’s ISPs. As a result, the majority of x86 servers are unable to update and move to a more secure firmware platform using UEFI. Fortunately, there is a solution. Replacing iPXE with the new BOOT from HTTP mechanism will help us get there. Attend this session to learn more.
UEFI Development in an Open Source Ecosystem, Michael Krau, Vincent Zimmer
Open source development around UEFI technology continues to progress with improved community hosting, communications and source control methodologies. These community efforts create valuable opportunities to integrate firmware functions into distros. Most prevalent UEFI tools available today center on chain of trust security via Secure Boot and Intel® Platform Trust Technology (PTT) tools. This session will address the status of these and other tools. Attendees will have the opportunity to share feedback as well as recommendations for future open UEFI development resources and processes.
UEFI aside, there’s many other presentations that look interesting, for example:
Isn’t it Ironic? The Bare Metal Cloud – Devananda van der Veen, HP
Developing Electronics Using OSS Tools – Attila Kinali
How to Boot Linux in One Second – Jan Altenberg, linutronix GmbH
Reprogrammable Hardware Support for Linux – Alan Tull, Altera
Measuring and Reducing Crosstalk Between Virtual Machines – Alexander Komarov, Intel
Introducing the Industrial IO Subsystem: The Home of Sensor Drivers – Daniel Baluta, Intel
Order at Last: The New U-Boot Driver Model Architecture – Simon Glass, Google
Suspend/Resume at the Speed of Light – Len Brown, Intel
The Shiny New l2C Slave Framework – Wolfram Sang
Using seccomp to Limit the Kernel Attack Surface – Michael Kerrisk
Tracing Virtual Machines From the Host with trace-cmd virt-server – Steven Rostedt, Red Hat
Are today’s FOSS Security Practices Robust Enough in the Cloud Era – Lars Kurth, Citrix
Security within Iotivity – Sachin Agrawal, Intel
Creating Open Hardware Tools – David Anders, Intel
The Devil Wears RPM: Continuous Security Integration – Ikey Doherty, Intel
Building the J-Core CPU as Open Hardware: Disruptive Open Source Principles Applied to Hardware and Software – Jeff Dionne, Smart Energy Instruments
How Do Debuggers (Really) Work – Pawel Moll, ARM
Make your Own USB device and Driver with Ease! – Krzysztof Opasiak, Samsung
Debugging the Linux Kernel with GDB – Peter Griffin, Linaro