Verified Commit ae39f779 authored by anarcat's avatar anarcat

try named configs instead of a patch

parent cc1b413f
......@@ -137,105 +137,38 @@ You need to rebuild iPXE with `DOWNLOAD_PROTO_HTTPS` and UEFI support:
```
git clone git://git.ipxe.org/ipxe.git
patch < PATH_TO_PATCH_HERE
cd ipxe/src
make -j4 bin-x86_64-efi/ipxe.efi
dd if=/dev/zero of=./ipxe.img bs=512 count=2880
losetup loop0 ./ipxe.img
mkfs.msdos /dev/loop0
sudo mount /dev/loop0 /mnt
mkdir -p /mnt/EFI/BOOT
cp bin-x86_64-efi/ipxe.efi /mnt/EFI/BOOT/BOOTX64.EFI
sudo umount /mnt ; loseup -d loop0
mkdir config/local/tpa/
cat > config/local/tpa/general.h <<EOF
#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
#undef NET_PROTO_STP /* Spanning Tree protocol */
#undef NET_PROTO_LACP /* Link Aggregation control protocol */
#undef NET_PROTO_EAPOL /* EAP over LAN protocol */
#undef CRYPTO_80211_WEP /* WEP encryption (deprecated and insecure!) */
#undef CRYPTO_80211_WPA /* WPA Personal, authenticating with passphrase */
#undef CRYPTO_80211_WPA2 /* Add support for stronger WPA cryptography */
#define NSLOOKUP_CMD /* DNS resolving command */
#define TIME_CMD /* Time commands */
#define REBOOT_CMD /* Reboot command */
#define POWEROFF_CMD /* Power off command */
#define PING_CMD /* Ping command */
#define IPSTAT_CMD /* IP statistics commands */
#define NTP_CMD /* NTP commands */
#define CERT_CMD /* Certificate management commands */
EOF
make -j4 bin-x86_64-efi/ipxe.efi CONFIG=tpa &&
dd if=/dev/zero of=./ipxe.img bs=512 count=2880 &&
losetup loop0 ./ipxe.img &&
mkfs.msdos /dev/loop0 &&
sudo mount /dev/loop0 /mnt &&
mkdir -p /mnt/EFI/BOOT &&
cp bin-x86_64-efi/ipxe.efi /mnt/EFI/BOOT/BOOTX64.EFI &&
sudo umount /mnt &&
losetup -d /dev/loop0
```
The `PATH_TO_PATCH_HERE` is:
```
diff --git a/src/config/general.h b/src/config/general.h
index 2d15f500..3260ad6e 100644
--- a/src/config/general.h
+++ b/src/config/general.h
@@ -37,9 +37,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define NET_PROTO_IPV4 /* IPv4 protocol */
//#define NET_PROTO_IPV6 /* IPv6 protocol */
#undef NET_PROTO_FCOE /* Fibre Channel over Ethernet protocol */
-#define NET_PROTO_STP /* Spanning Tree protocol */
-#define NET_PROTO_LACP /* Link Aggregation control protocol */
-#define NET_PROTO_EAPOL /* EAP over LAN protocol */
+#undef NET_PROTO_STP /* Spanning Tree protocol */
+#undef NET_PROTO_LACP /* Link Aggregation control protocol */
+#undef NET_PROTO_EAPOL /* EAP over LAN protocol */
/*
* PXE support
@@ -55,7 +55,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define DOWNLOAD_PROTO_TFTP /* Trivial File Transfer Protocol */
#define DOWNLOAD_PROTO_HTTP /* Hypertext Transfer Protocol */
-#undef DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
+#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
#undef DOWNLOAD_PROTO_FTP /* File Transfer Protocol */
#undef DOWNLOAD_PROTO_SLAM /* Scalable Local Area Multicast */
#undef DOWNLOAD_PROTO_NFS /* Network File System Protocol */
@@ -77,7 +77,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
*
*/
#define HTTP_AUTH_BASIC /* Basic authentication */
-#define HTTP_AUTH_DIGEST /* Digest authentication */
+//#define HTTP_AUTH_DIGEST /* Digest authentication */
//#define HTTP_AUTH_NTLM /* NTLM authentication */
//#define HTTP_ENC_PEERDIST /* PeerDist content encoding */
//#define HTTP_HACK_GCE /* Google Compute Engine hacks */
@@ -86,9 +86,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
* 802.11 cryptosystems and handshaking protocols
*
*/
-#define CRYPTO_80211_WEP /* WEP encryption (deprecated and insecure!) */
-#define CRYPTO_80211_WPA /* WPA Personal, authenticating with passphrase */
-#define CRYPTO_80211_WPA2 /* Add support for stronger WPA cryptography */
+#undef CRYPTO_80211_WEP /* WEP encryption (deprecated and insecure!) */
+#undef CRYPTO_80211_WPA /* WPA Personal, authenticating with passphrase */
+#undef CRYPTO_80211_WPA2 /* Add support for stronger WPA cryptography */
/*
* Name resolution modules
@@ -139,24 +139,24 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define LOGIN_CMD /* Login command */
#define SYNC_CMD /* Sync command */
#define SHELL_CMD /* Shell command */
-//#define NSLOOKUP_CMD /* DNS resolving command */
-//#define TIME_CMD /* Time commands */
+#define NSLOOKUP_CMD /* DNS resolving command */
+#define TIME_CMD /* Time commands */
//#define DIGEST_CMD /* Image crypto digest commands */
//#define LOTEST_CMD /* Loopback testing commands */
//#define VLAN_CMD /* VLAN commands */
//#define PXE_CMD /* PXE commands */
-//#define REBOOT_CMD /* Reboot command */
-//#define POWEROFF_CMD /* Power off command */
+#define REBOOT_CMD /* Reboot command */
+#define POWEROFF_CMD /* Power off command */
//#define IMAGE_TRUST_CMD /* Image trust management commands */
//#define PCI_CMD /* PCI commands */
//#define PARAM_CMD /* Form parameter commands */
//#define NEIGHBOUR_CMD /* Neighbour management commands */
-//#define PING_CMD /* Ping command */
+#define PING_CMD /* Ping command */
//#define CONSOLE_CMD /* Console command */
-//#define IPSTAT_CMD /* IP statistics commands */
+#define IPSTAT_CMD /* IP statistics commands */
//#define PROFSTAT_CMD /* Profiling commands */
-//#define NTP_CMD /* NTP commands */
-//#define CERT_CMD /* Certificate management commands */
+#define NTP_CMD /* NTP commands */
+#define CERT_CMD /* Certificate management commands */
//#define IMAGE_MEM_CMD /* Read memory command */
#define IMAGE_ARCHIVE_CMD /* Archive image management commands */
```
An alternative to this is to use [named configurations](https://ipxe.org/appnote/named_config) instead of
patching the global file.
Here we use [named configurations](https://ipxe.org/appnote/named_config) instead of patching the
`global.h` file. To be verified.
## iPXE booting
......@@ -250,10 +183,11 @@ the iPXE environment is like this:
* net1: public network
* not detected: extra Intel gigabit network
Make sure the BIOS clock is up to date and that iPXE can ping and
resolve hosts on the Internet.
First, connect to the VPN to access the OOB management (see above).
Then upload the `ipxe.img` built in the previous section as a virtual
Make sure the BIOS clock is up to date.
Upload the `ipxe.img` built in the previous section as a virtual
floppy image and reboot.
Press <kbd>F11</kbd> to bring up the boot menu and select the `UEFI:
......@@ -287,6 +221,8 @@ You can check the open/closed status of the interfaces with:
ifstat
Make sure that iPXE can ping and resolve hosts on the Internet: TODO.
Finally, boot the image:
```
......