Hi Simon, Doug,
I'd like to raise this issue again. It was discussed last year:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/011372.html
Now with dnsmasq 2.79-1 on Ubuntu cosmic:
# dpkg -l dnsmasq
Desired=Unknown/Install/Remove/Purge/Hold
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                   Version          Architecture     Description
+++-======================-================-================-=================================================
ii  dnsmasq                2.79-1           all              Small
caching DNS proxy and DHCP/TFTP server

I have copied /usr/lib/shim/shimx64.efi.signed as bootx64.efi in the
tftpboot root, and copied
/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed as grubx64.efi in
the tftpboot root, too.
If I use the following in dnsmasq.conf:
========================
        dhcp-boot=pxelinux.0
        dhcp-match=set:efi-x86_64,option:client-arch,7
        dhcp-boot=tag:efi-x86_64,bootx64.efi
========================
Then the uEFI network booting client is able to boot in secure mode.
However,
If I use the following in dnsmasq.conf:
========================
        pxe-service=X86PC, "Boot BIOS PXE", pxelinux.0
        pxe-service=BC_EFI, "Boot UEFI BC", bootx64.efi
        pxe-service=X86-64_EFI, "Boot UEFI X86-64", bootx64.efi
========================
Then uEFI nework booting client is _NOT_ able to boot in secure mode.
Even when secure boot mode is disabled, the client is _NOT_ able to
network boot. It just enters local machine OS.
The problem is, I need the pxe-service config so that the proxy mode can
work. That's why I can not use dhcp-boot option.

Any solution to this? Thank you very much.

Steven


-- 
Steven Shiau <steven _at_ stevenshiau org>
Public Key Server PGP Key ID: 4096R/163E3FB0
Fingerprint: EB1D D5BF 6F88 820B BCF5  356C 8E94 C9CD 163E 3FB0


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to