iPXE discussion forum

Full Version: shim.efi.signed and iPXE
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello everyone,

I need to load iPXE on computers that have secureboot enabled. Obviously this is an issue because iPXE does not have a purchased cert so it therefor won't authenticate.

What I am trying to do is use shim.efi.signed to boot into iPXE. Shim does have the proper cert and allows me to boot grubx64.efi which can read a standard grub.cfg I can modify.

Right now, I can boot my computer to a grub menu but when I select my programmed menu option I just receive a black screen.

Code:
if loadfont /grub/font.pf2 ; then
    set gfxmode=auto
    insmod efi_gop
    insmod efi_uga
    insmod gfxterm
    terminal_output gfxterm
fi

set menu_color_normal=white/black
set menu_color_highlight=black/light-gray

menuentry "Load iPXE" {
    set gfxpayload=keep
    linux /boot/IPXE.KRN
}


I found similar configs but they all use pxelinux.0 so functions like, KERNEL and APPEND don't apply. My setup is sort of special I guess.

Thanks for reading.
Well, you'll need to use ipxe.efi under UEFI, regardless if signed or not. There is work in progress to get iPXE signed from Microsoft, but we're currently having issues that the signing process requires the use of a Windows-only tool which doesn't work well with our deployment procedure. There are some anecdotal writings about this frustration on ipxe.org.
Reference URL's