Post Reply 
 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
2Pint Software Signed IPXE
2017-11-03, 17:47
Post: #1
2Pint Software Signed IPXE
In my quest to get a signed IPXE going for my small PC business (I Have an extensive PXE boot environment), I stumped across the signed IPXE boat loader from 2Pint Software.

Looks like they baked in some mechanism to use their custom 2PXE server, but this thing is a signed snponly.efi IPXE file. After letting it timeout I was able to ctrl-B to a command prompt and have it grab my IPXE config file and do IPXE things with it.

Their server software is not really what I wanted, but this shows you can sign an IPXE file. Anyone played with this? I wasn't able to track any output to see what it wanted from the server to get it to load my IPXE config files. But, it's a secure boot IPXE, shows it can be done.
Find all posts by this user
Quote this message in a reply
2017-11-04, 00:21
Post: #2
RE: 2Pint Software Signed IPXE
2Pints binary has an embedded script.

There is lots of documentation of that iPXE can be signed and also documentation for how to build see: http://ipxe.org/appnote/etoken
2Pint was one of the big driving forces to get Microsoft to accept iPXE as signed in the first place.

So the only thing you need for a signed version of iPXE is to get a code signing EV cert, and then submit it to Microsoft.

You can also find their sources at: http://git.ipxe.org/vendor/2pint/ipxe.git

Use GitHub Discussions
VRAM bin
Visit this user's website Find all posts by this user
Quote this message in a reply
2017-11-04, 05:50
Post: #3
RE: 2Pint Software Signed IPXE
The instructions on that site made it seem hopeless from MS. The five hun for the cert is not a big deal.
Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 3 Guest(s)