iPXE discussion forum

In my quest to get a signed IPXE going for my small PC business (I Have an extensive PXE boot environment), I stumped across the signed IPXE boat loader from 2Pint Software.

Looks like they baked in some mechanism to use their custom 2PXE server, but this thing is a signed snponly.efi IPXE file. After letting it timeout I was able to ctrl-B to a command prompt and have it grab my IPXE config file and do IPXE things with it.

Their server software is not really what I wanted, but this shows you can sign an IPXE file. Anyone played with this? I wasn't able to track any output to see what it wanted from the server to get it to load my IPXE config files. But, it's a secure boot IPXE, shows it can be done.

2Pints binary has an embedded script.

There is lots of documentation of that iPXE can be signed and also documentation for how to build see: http://ipxe.org/appnote/etoken
2Pint was one of the big driving forces to get Microsoft to accept iPXE as signed in the first place.

So the only thing you need for a signed version of iPXE is to get a code signing EV cert, and then submit it to Microsoft.

You can also find their sources at: http://git.ipxe.org/vendor/2pint/ipxe.git

The instructions on that site made it seem hopeless from MS. The five hun for the cert is not a big deal.