I've been trying to find a method to PXE boot to my Clonezilla server in Secure boot UEFI.
Has someone found any method to do this ?
I found that it isn't possible to start the PXE in secure boot, so i tried with iPXE on a usb stick and boot that to then go to PXE for Clonezilla SE. But this didn't seem to work. I couldn't get the USB to boot in Secure UEFI.
Do you know if this is possible?
I'm thinking that a clonezilla live with remote source works in UEFI Secure boot, but i want to use multicast because of the large amounts of devices i have to clone, and disabling Secure boot on every computer and re-enabling it after the clone takes a long time to do it for all the computers.
Thanks,
Jordy
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Creating Clonezilla DRBL Server with 2 network cards, without fixing the mac address of the clients on the server and working with UEFI over PXE:
I recommend installing the server with two disks;
First disk: partition / (slash), 256 GB SSD or SATA disk is more than enough.
Second disk: /home partition ( will be the image repository ), SSD or SATA disk of 1TB or more is recommended. Create the /home/partimag folder on this disk with permission 757:
chmod -Rf 757 /home/partimag
1.1 It is very necessary that at least the switch and also the network cables that connect the switch to the micro clients be gigabit. Otherwise, the time to restore an image can be up to 8 times longer.
2. Install Ubuntu Desktop 22.04 on the machine that will be the server, fixing the address on the
network as follows:
Example:
Connection 1: ( direct internet access connection )
IP Address: 192.168.1.254/24 (Necessarily the IP of the clonezilla server on your network that accesses the internet)
Gateway: 192.168.1.1 (Necessarily the gateway IP of your network that accesses the internet)
Connection 2: (This network card will serve the clonezilla server client micros switch)
IP address: 192.168.222.254/24 (can be any private network IP)
Gateway: 192.168.222.254 (must be the same IP address as connection 2)
In both connections use the following DNS's:
8.8.8.8 (preferably your company's DNS server)
8.8.4.4 (preferably your company's DNS server)
Restart the network service by disabling and enabling the network cards graphically or with the command:
sudo /etc/init.d/networking restart
3. Update the server and install the following network tools:
sudo apt update
sudo apt dist-upgrade
sudo apt install sudo vim ssh net-tools fping cifs-utils
Add the USER created in the clonezilla server installation in the ssh and sudo group:
sudo addgroup USUÁRIO ssh
sudo addgroup USUÁRIO sudo
sudo /usr/sbin/drblsrv -i
7. Clonezilla Installation:
- After running the above command, you will be asked if the DRBL server can install GNU/Linux distributions on client machines over the network. As only Clonezilla Server will be used, then type "N", and then type "N".
- Next, the script tries to update the list of packages on your system that is being used as a server, and asks if you want to update the system, type "y" to update. After updating the system, DRBL installs the software packages that the server will need.
- Then the software tries to update the current system kernel. Choose option number 2, which is to update via the APT repository. And then the service generates the configuration file for the clients.
8. Configuring Clonezilla: (NOTE: before starting, check if both server network cards are active)
/usr/sbin/drbpush -i
- Please enter DNS domain (such as drbl.sf.net): [mydomain] "ENTER" or enter another domain;
- Please enter the NIS/YP name of the domain: [clonezillaserver] "TYPE THE SERVER HOSTNAME" and "ENTER;
- Please enter the client hostname prefix: [myprefix02577] "myprefixxxxxx" and "ENTER";
- Which ethernet port of this server is for public INTERNET access, not for DRBL connection? Ethernet ports available on this server: enp0s1 (192.168.1.254), [enp0s1] "ENTER";
- It will now ask you to enter the MAC's of the client computers, as we are not going to configure type "N" and "N";
- Which IP will initiate clonezilla's DHCP? "1" and how many will be connected? It depends on the daily amount you apply the image, for a 24-port switch I indicate "22";
- IP addresses will be configured for clients connected to interface enp0s3 from 1 to 22, accept? "Y" and "ENTER";
- We will not use the DISKLESS service, "2";
- In the system, there are 4 modes available for clonezilla: "1";
- When using clonezilla, in which directory on this server do you want to store the saved image? "/home/partimag";
- Do you want to configure the clients' pxelinux password to have when the clients start? "N";
- Do you want to configure the boot prompt for clients? "Y";
- How many tenths of a second does the clients boot prompt count down? [70] "ENTER";
- Do you want to use graphical background for the PXE menu when the client starts? "Y";
- Do you want to leave the DRBL server as a NAT server? "Y";
- Now we are ready to make the files available to the system! Do you wish to continue? "Y";
Once the server is configured, just start using it:
sudo /usr/sbin/dcs clonezilla-start
• To open the clonezilla interface and choose restore options manually:
sudo dcs
• To clear previous image run command:
sudo drbl-ocs stop
• Restart command to clear dhcp server's PXE lease:
sudo systemctl restart isc-dhcp-server.service
Examples of commands to start image restoration on micro clients:
sudo drbl-ocs -g auto -e1 auto -e2 -r -x -j2 -sc0 -p reboot -l pt_BR.UTF-8 startdisk restore dell_optiplex_3080_win10_pro_64_SYSPREP_pmpr_2021-08-24-16-img nvme0n1
sudo drbl-ocs -g auto -e1 auto -e2 -r -x -j2 -sc0 -p reboot -l pt_BR.UTF-8 startdisk restore lenovo_thinkstation_p330_win10_pro_64_SYSPREP_pmpr_2021-08-25-10-img nvme0n1
sudo drbl-ocs -g auto -e1 auto -e2 -r -x -j2 -sc0 -p reboot -l pt_BR.UTF-8 startdisk restore POSITIVO_MASTER-D580_win10_pro_64_modelo_2021-08-19-16-img sda
Last edit: Juarez Rodrigues Baena 2023-06-04
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It's a little complicated... You have to use shim and grub for uEFI secure boot.
For Clonezilla lite server, it's possible if you do not want to relay the DHCP request. You can refer to this doc: https://wiki.ubuntu.com/UEFI/SecureBoot/PXE-IPv6#DHCPv4_.28dnsmasq.29
Make your dnsmasq.conf like:
dhcp-boot=pxelinux.0
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-boot=tag:efi-x86_64,bootx64.efi
Hi,
I've been trying to find a method to PXE boot to my Clonezilla server in Secure boot UEFI.
Has someone found any method to do this ?
I found that it isn't possible to start the PXE in secure boot, so i tried with iPXE on a usb stick and boot that to then go to PXE for Clonezilla SE. But this didn't seem to work. I couldn't get the USB to boot in Secure UEFI.
Do you know if this is possible?
I'm thinking that a clonezilla live with remote source works in UEFI Secure boot, but i want to use multicast because of the large amounts of devices i have to clone, and disabling Secure boot on every computer and re-enabling it after the clone takes a long time to do it for all the computers.
Thanks,
Jordy
Creating Clonezilla DRBL Server with 2 network cards, without fixing the mac address of the clients on the server and working with UEFI over PXE:
First disk: partition / (slash), 256 GB SSD or SATA disk is more than enough.
Second disk: /home partition ( will be the image repository ), SSD or SATA disk of 1TB or more is recommended. Create the /home/partimag folder on this disk with permission 757:
chmod -Rf 757 /home/partimag
1.1 It is very necessary that at least the switch and also the network cables that connect the switch to the micro clients be gigabit. Otherwise, the time to restore an image can be up to 8 times longer.
2. Install Ubuntu Desktop 22.04 on the machine that will be the server, fixing the address on the
network as follows:
Example:
Connection 1: ( direct internet access connection )
IP Address: 192.168.1.254/24 (Necessarily the IP of the clonezilla server on your network that accesses the internet)
Gateway: 192.168.1.1 (Necessarily the gateway IP of your network that accesses the internet)
Connection 2: (This network card will serve the clonezilla server client micros switch)
IP address: 192.168.222.254/24 (can be any private network IP)
Gateway: 192.168.222.254 (must be the same IP address as connection 2)
In both connections use the following DNS's:
8.8.8.8 (preferably your company's DNS server)
8.8.4.4 (preferably your company's DNS server)
Restart the network service by disabling and enabling the network cards graphically or with the command:
sudo /etc/init.d/networking restart
3. Update the server and install the following network tools:
sudo apt update
sudo apt dist-upgrade
sudo apt install sudo vim ssh net-tools fping cifs-utils
sudo addgroup USUÁRIO ssh
sudo addgroup USUÁRIO sudo
wget -q http://drbl.org/GPG-KEY-DRBL
sudo apt-key add GPG-KEY-DRBL
sudo add-apt-repository 'deb http://free.nchc.org.tw/drbl-core drbl stable'
sudo apt update
sudo apt install drbl
sudo apt install drbl-chntpw freedos ipxe isolinux pxelinux syslinux-efi syslinux-utils partclone clonezilla mkpxeinitrd-net
sudo /usr/sbin/drblsrv -i
7. Clonezilla Installation:
- After running the above command, you will be asked if the DRBL server can install GNU/Linux distributions on client machines over the network. As only Clonezilla Server will be used, then type "N", and then type "N".
- Next, the script tries to update the list of packages on your system that is being used as a server, and asks if you want to update the system, type "y" to update. After updating the system, DRBL installs the software packages that the server will need.
- Then the software tries to update the current system kernel. Choose option number 2, which is to update via the APT repository. And then the service generates the configuration file for the clients.
8. Configuring Clonezilla: (NOTE: before starting, check if both server network cards are active)
/usr/sbin/drbpush -i
- Please enter DNS domain (such as drbl.sf.net): [mydomain] "ENTER" or enter another domain;
- Please enter the NIS/YP name of the domain: [clonezillaserver] "TYPE THE SERVER HOSTNAME" and "ENTER;
- Please enter the client hostname prefix: [myprefix02577] "myprefixxxxxx" and "ENTER";
- Which ethernet port of this server is for public INTERNET access, not for DRBL connection? Ethernet ports available on this server: enp0s1 (192.168.1.254), [enp0s1] "ENTER";
- It will now ask you to enter the MAC's of the client computers, as we are not going to configure type "N" and "N";
- Which IP will initiate clonezilla's DHCP? "1" and how many will be connected? It depends on the daily amount you apply the image, for a 24-port switch I indicate "22";
- IP addresses will be configured for clients connected to interface enp0s3 from 1 to 22, accept? "Y" and "ENTER";
- We will not use the DISKLESS service, "2";
- In the system, there are 4 modes available for clonezilla: "1";
- When using clonezilla, in which directory on this server do you want to store the saved image? "/home/partimag";
- Do you want to configure the clients' pxelinux password to have when the clients start? "N";
- Do you want to configure the boot prompt for clients? "Y";
- How many tenths of a second does the clients boot prompt count down? [70] "ENTER";
- Do you want to use graphical background for the PXE menu when the client starts? "Y";
- Do you want to leave the DRBL server as a NAT server? "Y";
- Now we are ready to make the files available to the system! Do you wish to continue? "Y";
Once the server is configured, just start using it:
sudo /usr/sbin/dcs clonezilla-start
• To open the clonezilla interface and choose restore options manually:
sudo dcs
• To clear previous image run command:
sudo drbl-ocs stop
• Restart command to clear dhcp server's PXE lease:
sudo systemctl restart isc-dhcp-server.service
Examples of commands to start image restoration on micro clients:
sudo drbl-ocs -g auto -e1 auto -e2 -r -x -j2 -sc0 -p reboot -l pt_BR.UTF-8 startdisk restore dell_optiplex_3080_win10_pro_64_SYSPREP_pmpr_2021-08-24-16-img nvme0n1
sudo drbl-ocs -g auto -e1 auto -e2 -r -x -j2 -sc0 -p reboot -l pt_BR.UTF-8 startdisk restore lenovo_thinkstation_p330_win10_pro_64_SYSPREP_pmpr_2021-08-25-10-img nvme0n1
sudo drbl-ocs -g auto -e1 auto -e2 -r -x -j2 -sc0 -p reboot -l pt_BR.UTF-8 startdisk restore POSITIVO_MASTER-D580_win10_pro_64_modelo_2021-08-19-16-img sda
Last edit: Juarez Rodrigues Baena 2023-06-04
It's a little complicated... You have to use shim and grub for uEFI secure boot.
For Clonezilla lite server, it's possible if you do not want to relay the DHCP request. You can refer to this doc:
https://wiki.ubuntu.com/UEFI/SecureBoot/PXE-IPv6#DHCPv4_.28dnsmasq.29
Make your dnsmasq.conf like:
dhcp-boot=pxelinux.0
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-boot=tag:efi-x86_64,bootx64.efi
More references:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/011124.html
[PATCH] efinet: get bootstrap info from proxy offer packet
https://lists.gnu.org/archive/html/grub-devel/2016-04/msg00051.html
Steven