+- iPXE discussion forum (https://forum.ipxe.org)
+-- Forum: iPXE user forums (/forumdisplay.php?fid=1)
+--- Forum: General (/forumdisplay.php?fid=2)
+--- Thread: 2Pint Software Signed IPXE (/showthread.php?tid=10491)
2Pint Software Signed IPXE - gizmoshq - 2017-11-03 17:47
In my quest to get a signed IPXE going for my small PC business (I Have an extensive PXE boot environment), I stumped across the signed IPXE boat loader from 2Pint Software.
Looks like they baked in some mechanism to use their custom 2PXE server, but this thing is a signed snponly.efi IPXE file. After letting it timeout I was able to ctrl-B to a command prompt and have it grab my IPXE config file and do IPXE things with it.
Their server software is not really what I wanted, but this shows you can sign an IPXE file. Anyone played with this? I wasn't able to track any output to see what it wanted from the server to get it to load my IPXE config files. But, it's a secure boot IPXE, shows it can be done.
RE: 2Pint Software Signed IPXE - NiKiZe - 2017-11-04 00:21
2Pints binary has an embedded script.
There is lots of documentation of that iPXE can be signed and also documentation for how to build see: http://ipxe.org/appnote/etoken
2Pint was one of the big driving forces to get Microsoft to accept iPXE as signed in the first place.
So the only thing you need for a signed version of iPXE is to get a code signing EV cert, and then submit it to Microsoft.
You can also find their sources at: http://git.ipxe.org/vendor/2pint/ipxe.git
RE: 2Pint Software Signed IPXE - gizmoshq - 2017-11-04 05:50
The instructions on that site made it seem hopeless from MS. The five hun for the cert is not a big deal.