Provide setup files for EFI boot in netboot package
authorMichael Prokop <mika@grml.org>
Fri, 17 Jul 2020 22:19:12 +0000 (00:19 +0200)
committerMichael Prokop <mika@grml.org>
Sat, 18 Jul 2020 20:01:23 +0000 (22:01 +0200)
The shim + grubnetx64 files need to be available via tftp,
using for example a dhcpd configuration which includes:

| # UEFI boot with DHCPv4
| option architecture-type code 93 = unsigned integer 16;
|
| subnet 10.42.42.0 netmask 255.255.255.0 {
|   next-server 10.42.42.2;
|   range 10.42.42.100 10.42.42.200;
|
|   class "pxeclients" {
|     match if substring (option vendor-class-identifier, 0 ,9) = "PXEClient";
|     if option architecture-type = 00:07 {
|       filename "shim.efi";
|     } else {
|       filename "pxelinux.0";
|     }
|   }
| }

... or a dnsmasq configuration which includes:

| domain-needed
| bogus-priv
| expand-hosts
| domain=foobar.example.org
| dhcp-range=10.42.42.100,10.42.42.200,6h
| dhcp-option=1,255.255.255.0  # subnet mask
| dhcp-option=3,10.42.42.1     # default gateway
| dhcp-option=6,10.42.42.2     # domain name server
| dhcp-option=28,10.42.42.255  # broadcast address
| dhcp-option=42,10.42.1.3     # timeserver preference
| dhcp-option=252,"\n"         # proxy config
| dhcp-match=BIOS,option:client-arch,0
| dhcp-boot=tag:BIOS,pxelinux.0
| dhcp-match=UEFI,option:client-arch,7
| dhcp-match=UEFI,option:client-arch,9
| dhcp-boot=tag:UEFI,shim.efi
| dhcp-leasefile=/var/lib/misc/dnsmasq.leases
| dhcp-authoritative

... or, quoting from https://wiki.ubuntu.com/UEFI/SecureBoot/PXE-IPv6:

| dhcp-boot=pxelinux.0
| dhcp-match=set:efi-x86_64,option:client-arch,7
| dhcp-boot=tag:efi-x86_64,bootx64.efi

Then EFI boot via PXE with GRUB is supposed to work fine,
while pxelinux provides PXE boot for BIOS based systems.

This is related to the EFI boot support within grml-terminalserver,
see commit 3154dc (`Support UEFI PXE boot with DHCPv4`).

This work was funded by Grml-Forensic.

grml-live
templates/boot/grub/netboot.cfg [new file with mode: 0644]

index a93e038..e0d55f4 100755 (executable)
--- a/grml-live
+++ b/grml-live
@@ -1666,6 +1666,53 @@ create_netbootpackage() {
     eoutdent
   fi
 
+  # don't include shim + grubnetx64 + grub files in i386 netboot packages,
+  # as those don't make much sense there
+  if [ "$ARCH" = amd64 ] ; then
+    if ! [ -r "${BUILD_OUTPUT}/boot/grub/netboot.cfg" ] ; then
+      log   "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found."
+      ewarn "File ${BUILD_OUTPUT}/boot/grub/netboot.cfg not found."
+      eindent
+      log   "Hint: Are you using custom templates which do not provide grub.cfg?"
+      ewarn "Hint: Are you using custom templates which do not provide grub.cfg?" ; eend 0
+      eoutdent
+    else
+      cp "${BUILD_OUTPUT}/boot/grub/netboot.cfg" "${WORKING_DIR}/grub.cfg"
+      adjust_boot_files "${WORKING_DIR}/grub.cfg"
+
+      if [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed ] ; then
+        log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi.signed as shim.efi in netboot package"
+        cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi.signed "${WORKING_DIR}"/shim.efi
+      elif [ -r "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi ] ; then
+        log "Installing ${CHROOT_OUTPUT}/usr/lib/shim/shimx64.efi as shim.efi in netboot package"
+        cp "${CHROOT_OUTPUT}"/usr/lib/shim/shimx64.efi "${WORKING_DIR}"/shim.efi
+      else
+        log   "No shimx64.efi for usage with PXE boot found (shim-signed not present?)"
+        ewarn "No shimx64.efi for usage with PXE boot found (shim-signed not present?)" ; eend 0
+      fi
+
+      if [ -r /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed ] ; then
+        log "Installing /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed as grubx64.efi in netboot package"
+        cp /usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed "${WORKING_DIR}"/grubx64.efi
+      elif [ -r /usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi ] ; then
+        log "Installing /usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi as grubx64.efi in netboot package"
+        cp /usr/lib/grub/x86_64-efi/monolithic/grubnetx64.efi "${WORKING_DIR}"/grubx64.efi
+      else
+        log   "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not present?)"
+        ewarn "No grubnetx64.efi for usage with PXE boot found (grub-efi-amd64-signed not present?)." ; eend 0
+      fi
+
+      if [ -r "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 ] ; then
+        log "Installing ${CHROOT_OUTPUT}/usr/share/grub/unicode.pf2 as grub/fonts/unicode.pf2 in netboot package"
+        mkdir -p "${WORKING_DIR}"/grub/fonts/
+        cp "${CHROOT_OUTPUT}"/usr/share/grub/unicode.pf2 "${WORKING_DIR}"/grub/fonts/
+      else
+        log   "No unicode.pf2 for usage with PXE boot found (grub-common not present?)"
+        ewarn "No unicode.pf2 for usage with PXE boot found (grub-common not present?)" ; eend 0
+      fi
+    fi
+  fi
+
   if tar -C "$OUTPUTDIR" -jcf "${OUTPUT_FILE}" "grml_netboot_package_${GRML_NAME}_${VERSION}" ; then
     (
       cd $(dirname "${OUTPUT_FILE}")
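Review bot: The grubnetx64 lookup reads from the build host (`/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed`), while the shim just above it is taken from `${CHROOT_OUTPUT}`. shim only accepts a GRUB signed by the vendor key it embeds, so a host on a different distribution or release than the chroot can yield a shim.efi/grubx64.efi pair that will not boot with Secure Boot enabled. Unless the host path is intentional, test and copy `"${CHROOT_OUTPUT}"/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed`, and prefix the monolithic fallback the same way. Both unsigned fallbacks are logged as an ordinary install; the message could say that the resulting package is not expected to pass Secure Boot. The hint text also names `grub.cfg` although the missing file is `netboot.cfg`; create_netbootpackage starts and ends outside this hunk.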
diff --git a/templates/boot/grub/netboot.cfg b/templates/boot/grub/netboot.cfg
new file mode 100644 (file)
index 0000000..66375dd
--- /dev/null
@@ -0,0 +1,27 @@
+# GRUB PXE configuration file
+
+# adjust according to your needs
+#set timeout=300
+
+insmod png
+set gfxmode=auto
+insmod gfxterm
+terminal_output gfxterm
+
+loadfont unicode
+
+set menu_color_normal=white/black
+set menu_color_highlight=black/yellow
+
+menuentry "%GRML_NAME% Standard (%VERSION%, %ARCH%)" {
+    set gfxpayload=keep
+    echo 'Loading kernel...'
+    linux  vmlinuz root=/dev/nfs rw nfsroot=192.168.0.1:/live/image boot=live live-media-path=/live/%GRML_NAME%/ bootid=%BOOTID% apm=power-off nomce net.ifnames=0 noprompt noeject 
+    echo 'Loading initrd...'
+    initrd initrd.img
+}
+
+menuentry "Boot OS of first partition on first disk" {
+    set root=(hd0,1)
+    chainloader +1
+}
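Review bot: The `linux` line hard-codes `nfsroot=192.168.0.1:/live/image` as a literal rather than a `%...%` placeholder, and it does not match the 10.42.42.x addresses used in the commit message examples. Whether adjust_boot_files rewrites it is not visible here, so a comment directly above the line would help, for example `# adjust nfsroot= to the address and export path of your NFS server`. The existing `# adjust according to your needs` sits above the timeout only and is easy to read as not covering the kernel command line. It is also worth a header comment noting that this file is fetched over TFTP and is not covered by the shim/GRUB signature check, so the kernel command line is only as trustworthy as the boot network. The `linux` line ends in trailing whitespace.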