On 28/06/17 15:50, Charak, Vikas wrote:
Now I understand that ISO and .IPXE scripts are two different things but the process of Signature verification is same. This could be also be how ISO are treated in ipxe . Any help is appreciated. This is really good experiment which can show capabilities of IPXE. Also please let me know if I should post it somewhere else.
You can't use "chain" to boot an ISO image, because the ISO image itself is not an executable program.
SAN booting and chaining are different processes. SAN booting will create an EFI block device mapped to the specified SAN URI. This block device will (probably) contain a filesystem, which will contain a UEFI executable such as \EFI\Boot\BootX64.efi, and this executable is what actually gets executed.
Using "imgverify" has no effect on SAN booting, since you never attempt to directly execute the SAN device (since it is not an executable file).
The UEFI platform's Secure Boot policy will still apply to the BootX64.efi file located within the filesystem within the SAN booted ISO image. If the FreeBSD ISO contains a BootX64.efi that is not accepted by your platform's security policy, then it will not be able to boot. This is independent of iPXE; you would see the same effect if you were to burn the ISO to a DVD-ROM and attempt to boot locally.
Michael _______________________________________________ ipxe-devel mailing list [email protected] https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel
