UEFI PXE boots into grub console

aauer · October 10, 2019, 4:07pm

Hi,

first Hi to the community. We setup foreman with katello in the last weeks. I got provisioning/discovery on VMs and baremetal IBM Servers running, but only with BIOS, not UEFI. The machine picks up the shim.efi, but only boots into the grub console, does not pickup any of the menus etc.

We use an external tftp with dnsmasq, which worked for the BIOS part.

Many thanks and greetings,

Alex

Problem:

Machine boots into grub console

Expected outcome:

Machine boots discovery image / boot menu

Foreman and Proxy versions:

Foreman (proxy) 1.22.1

Foreman and Proxy plugin versions:

Discovery 1.0.4

Other relevant data:


Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 available DHCP subnet: 172.17.2.0/255.255.255.0

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 vendor class: PXEClient:Arch:00007:UNDI:003001

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 PXE(eth1) 00:1a:4a:16:01:51 proxy

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 tags: BC_EFI, eth1

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 bootfile name: grub2/shim.efi

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 next server: 172.17.2.221

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 broadcast response

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 sent size: 1 option: 53 message-type 2

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 sent size: 4 option: 54 server-identifier 172.17.2.221

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 sent size: 9 option: 60 vendor-class 50:58:45:43:6c:69:65:6e:74

Oct 10 17:53:23 stargate dnsmasq-dhcp[7973]: 1214612318 sent size: 17 option: 97 client-machine-id 00:23:79:a2:05:c5:24:db:45:8c:37:61:bb:3d...

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 1214612318 available DHCP subnet: 172.17.2.0/255.255.255.0

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 1214612318 vendor class: PXEClient:Arch:00007:UNDI:003001

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 available DHCP subnet: 172.17.2.0/255.255.255.0

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 vendor class: PXEClient:Arch:00007:UNDI:003001

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 PXE(eth1) 00:1a:4a:16:01:51 proxy

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 tags: BC_EFI, eth1

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 bootfile name: grub2/shim.efi

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 next server: 172.17.2.221

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 sent size: 1 option: 53 message-type 5

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 sent size: 4 option: 54 server-identifier 172.17.2.221

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 sent size: 9 option: 60 vendor-class 50:58:45:43:6c:69:65:6e:74

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 sent size: 17 option: 97 client-machine-id 00:23:79:a2:05:c5:24:db:45:8c:37:61:bb:3d...

Oct 10 17:53:27 stargate dnsmasq-dhcp[7973]: 2437221247 sent size: 10 option: 43 vendor-encap 06:01:08:0a:04:00:50:58:45:ff

Oct 10 17:53:28 stargate dnsmasq-tftp[7973]: error 8 User aborted the transfer received from 172.17.2.243

Oct 10 17:53:28 stargate dnsmasq-tftp[7973]: failed sending /var/lib/tftpboot/grub2/shim.efi to 172.17.2.243

Oct 10 17:53:28 stargate dnsmasq-tftp[7973]: sent /var/lib/tftpboot/grub2/shim.efi to 172.17.2.243

Oct 10 17:53:29 stargate dnsmasq-tftp[7973]: sent /var/lib/tftpboot/grub2/grubx64.efi to 172.17.2.243

lzap · October 10, 2019, 6:00pm

Hello and welcome to our community!

What platform is the TFTP running on and where did you get the grubx64.efi file from? Our installer simply gets that from the OS, compare that to /boot/efi/EFI/*/grubx64.efi (via md5sum).

I am assuming SecureBoot is turned off, this is a pain to get working over PXE so turn it off at this point.

aauer · October 10, 2019, 6:12pm

everything CentOS. Secureboot is off.

aauer · October 11, 2019, 9:15am

Hi,

I just crosschecked everything. the md5sums are identical.

Folderstructure of /var/lib/tftpboot/grub

lrwxrwxrwx.  1 foreman-proxy root                7 Oct  5 16:37 boot -> ../boot
-rwxrwxrwx.  1 foreman-proxy root          1211224 Oct 11 11:06 bootx64.efi
-rwxrwxrwx.  1 foreman-proxy root             6023 Oct 11 10:45 grub.cfg
-rw-r--r--.  1 foreman-proxy foreman-proxy     576 Oct 10 17:53 grub.cfg-01-00-1a-4a-16-01-51
-rw-r--r--.  1 foreman-proxy foreman-proxy    5841 Oct  9 13:10 grub.cfg-01-00-1a-4a-16-01-6f
-rw-r--r--.  1 foreman-proxy foreman-proxy    5841 Oct 10 14:29 grub.cfg-01-5c-f3-fc-fc-06-90
-rw-r--r--.  1 foreman-proxy foreman-proxy    5841 Oct 10 14:31 grub.cfg-01-5c-f3-fc-fc-13-60
-rw-r--r--.  1 foreman-proxy foreman-proxy    5841 Oct 10 14:54 grub.cfg-01-6c-ae-8b-4d-1c-9a
-rw-r--r--.  1 foreman-proxy foreman-proxy    5841 Oct  9 09:04 grub.cfg-01-e4-1f-13-6d-5e-7e
-rwxrwxrwx.  1 foreman-proxy root          1733512 Oct 11 11:06 grubx64.efi
-rw-r--r--.  1 foreman-proxy root          1205248 Oct 10 17:42 shim.efi
-rwxrwxrwx.  1 foreman-proxy root          1211224 Oct 11 10:21 shimx64.efi

I just added 777 to chmod to ensure, it’s not a permission issue. I screencapped the console (no way to copy/paste unfortunately) https://imgur.com/a/I41ycaZ

lzap · October 11, 2019, 1:52pm

The machine should only pick shim.efi if you select “SecureBoot” PXE loader. Try this one: “PXEGrub2 UEFI”.