UEFI PXE netboot / install procedure

Method developed by Will Tinsdeall <will.tinsdeall+opensource@mercianlabels.com>

Original article by Kamal Mostafa <kamal@canonical.com>

Using this method

This method is an experimental method, which serves a UEFI signed grub image, loads the configuration in grub.cfg and boots the Linux kernel.

The original method on this Wiki page used an all-in-one image, which was good for the simple install on diskless PCs, but made preseeding impossible without modifying the mini.iso

Step 1: Get the files

1. Download the UEFI signed grub image into /srv/tftp/: http://archive.ubuntu.com/ubuntu/dists/trusty/main/uefi/grub2-amd64/current/grubnetx64.efi.signed

2. Download the correct netboot.tar.gz archive (navigate to the correct one!): http://cdimage.ubuntu.com/netboot/

3. Extract netboot.tar.gz into /srv/tftp/

Step 2: Get the files

On releases after 14.04; you should also provide the file 'install/filesystem.squashfs' via HTTP or FTP to use to complete the netboot install.

1. Create the file /srv/tftp/grub/grub.cfg with the following content. Add other entries as needed:

For standard install (Not Preseeded):

menuentry "Install Ubuntu" {
set gfxpayload=keep
linux /ubuntu-installer/amd64/linux gfxpayload=800x600x16,800x600 --- quiet
initrd /ubuntu-installer/amd64/initrd.gz

On releases after 14.04; add "live-installer/net-image=$PATH_TO_FILESYSTEM_SQUASHFS" before the three dashes to provide a root filesystem for the installer to use as a base for the install; or use "live-installer/enable=false".

For Preseeding (automatic hands-off install - you will need an HTTP server to serve the config):

menuentry "Install Ubuntu" {
set gfxpayload=keep
linux /ubuntu-installer/amd64/linux gfxpayload=800x600x16,800x600 --- auto=true url=http://YOUR_PRESEED_SERVER/preseed.cfg quiet
initrd /ubuntu-installer/amd64/initrd.gz

Step 3: Install TFTP and DHCP server (for simplicity, dnsmasq is used here)

1. Install dnsmasq:

sudo apt-get install dnsmasq

2. Set your computer to use a static IP

3. Configure dnsmasq add these lines to /etc/dnsmasq.conf


4. Reload dnsmasq

sudo service dnsmasq restart

Alternative method to create a boot image (all-in-one file)

Exchange this for Step 1 and Step 2. These instructions are from the original wiki

  1. Install a regular Ubuntu system + updates, or use an existing Ubuntu system as the Server. The Server can be any computer with a wired NIC; the Server itself does not need to be UEFI-capable. (I installed ubuntu-11.10-desktop-amd64.iso from a USB stick on to an x220 laptop, but any Ubuntu installation should work).
  2. On the Server system, fetch a netboot "mini.iso" image and save it with a distinct filename (or substitute a different Ubuntu distro for "trusty"; see Notes below about Debian):
    wget http://ftp.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/mini.iso  \
                    -O /tmp/mini-trusty.iso
  3. Generate a custom "grubnetx64.efi.signed" image with the mini-distro.iso embedded inside, and (Important!) with all available x86_64-efi grub modules enabled. You will move the generated .efi image file from /tmp to the tftpboot directory in a moment:
    • the ls|sed sequence generates the list of all modules.

    • many of the modules are actually required, but surely not all; I don't know which are or aren't required.
    sudo apt-get install grub-efi-amd64-bin
    grub-mkimage --format=x86_64-efi  \
                    --output=/tmp/grubnetx64.efi.signed   \
                    --memdisk=/tmp/mini-trusty.iso  \
                    `ls /usr/lib/grub/x86_64-efi  | sed -n 's/\.mod//gp'`
    • Note that some modules may cause the installation to stall with a error: no device connected message, in this case you will need to remove the drivers giving the error. For instance, to remove the pata module, change the module listing part to ls /usr/lib/grub/x86_64-efi  | sed -n 's/\.mod//gp' | grep -v pata


Optional Extras

Install a package cacher

This will ensure that your internet is not hammered by hundreds of PCs, by caching the downloads required for the install on a local server. If you are using preseed, add this to your HTTP Proxy settings in your preseed config (HTTP Proxy: http://[The IP Address]:3142/).

1. Install apt-cacher-ng to provide http proxy service to the Clients (proxy listens on port 3142):

sudo apt-get install apt-cacher-ng


* The installed Client system will remember the proxy server setting in /etc/apt/apt.conf -- remove that file from the installed Client if you don't plan to keep it attached to the server's network.

* If you use apt-cacher-ng as described above, subsequent client installs using this Server will be much faster than the first client install.

Debugging Options

A. Watch syslog on the Server with "tail -f /var/log/syslog"

B. Run tcpdump on the server, to check which files are being requested (tcpdump must be installed):

tcpdump -i eth0 port 69


UEFI/PXE-netboot-install (last edited 2016-09-23 20:55:07 by cyphermox)