Last active
July 7, 2024 17:25
Create (UEFI/Secureboot) PXE boot server on interface
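#!/bin/bash
# Run a PXE boot server on one network interface.
# Seems to work with UEFI and Secure Boot.
# Spip, 2023
#
# Most stuff from https://www.youtube.com/watch?v=E_OlsA1hF4k
#
# Usage: ./pxe-boot.sh [interface]
#
# Optional environment:
#   PXE_ISO_SHA256  expected SHA-256 of the downloaded ISO; when set, the
#                   download is verified before anything is served from it.
#
# Security notes:
#   * The shim and GRUB binaries served here are signed, but grub.cfg and the
#     initrd (TFTP) and the ISO (plain HTTP) reach the client unauthenticated.
#     Anyone on the segment who can answer DHCP/TFTP/HTTP first can change
#     what the clients boot, so run this only on an isolated, trusted segment.
#   * This script overwrites /etc/dnsmasq.conf and /etc/xinetd.d/tftp and
#     starts a DHCP server; do not attach the interface to a production LAN.

set -euo pipefail

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Check args (a usage error is reported on stderr with a non-zero status)
if [[ $# -eq 0 ]]; then
  die "Usage: ./pxe-boot.sh [interface]"
fi

# Everything below installs packages, writes under /etc and binds low ports.
(( EUID == 0 )) || die "This script must be run as root"

# Configure interface variable; reject names that are not real interfaces so
# that arbitrary text cannot end up in the generated dnsmasq configuration.
pxe_interface=$1
ip link show dev "$pxe_interface" >/dev/null 2>&1 \
  || die "No such network interface: ${pxe_interface}"
echo "Creating PXE Boot service for interface ${pxe_interface}"

# Address of this server on the PXE segment (DHCP, TFTP and HTTP endpoint)
readonly pxe_server_ip=192.168.99.1
readonly iso_mount=/mnt/lte

# Serve Ubuntu 22.04.2 LTS (Jammy Jellyfish) Desktop image
# NOTE(review): older point releases may be retired from this host - confirm
# the URL still resolves before relying on it.
pxe_iso=https://releases.ubuntu.com/22.04.2/ubuntu-22.04.2-desktop-amd64.iso

# Get packages
apt-get -y install xinetd tftpd tftp dnsmasq

# Create tftp directory
mkdir -p /srv/tftp/

# Configure tftp
# NOTE(review): this xinetd service listens for TFTP on every interface, and
# dnsmasq below also enables its own TFTP server on the PXE interface -
# confirm both are needed and restrict the unused one.
cat >/etc/xinetd.d/tftp <<'EOL'
service tftp
{
protocol = udp
port = 69
socket_type = dgram
wait = yes
user = nobody
server = /usr/sbin/in.tftpd
server_args = /srv/tftp/
disable = no
}
EOL

# Set static ip on interface ("replace" keeps a re-run from failing when the
# address is already assigned)
ip addr replace "${pxe_server_ip}/24" dev "$pxe_interface"

# Configure dnsmasq; keep one backup of any pre-existing configuration
if [[ -f /etc/dnsmasq.conf && ! -e /etc/dnsmasq.conf.pxe-backup ]]; then
  cp -a /etc/dnsmasq.conf /etc/dnsmasq.conf.pxe-backup
fi
# The range ends at .254: .255 is the broadcast address of the /24 and must
# not be handed out as a lease.
cat >/etc/dnsmasq.conf <<EOL
interface=${pxe_interface}
bind-interfaces
dhcp-range=192.168.99.10,192.168.99.254
dhcp-boot=bootx64.efi
enable-tftp
tftp-root=/srv/tftp/
EOL

# Work in a private temporary directory instead of /tmp itself: as root,
# predictable file names in a world-writable directory can be pre-created or
# symlinked by other local users.
work_dir=$(mktemp -d) || die "mktemp failed"
cleanup() {
  if mountpoint -q "$iso_mount"; then
    umount "$iso_mount" || true
  fi
  rm -rf -- "${work_dir:?}"
}
trap cleanup EXIT
cd "$work_dir" || die "cannot cd to ${work_dir}"

# Get Ubuntu desktop LTS image
# You can also have the client download it directly via the url parameter
wget -O lte.iso -- "$pxe_iso"

# Every PXE client will boot whatever is in this image, so verify it when an
# expected digest was supplied.
if [[ -n "${PXE_ISO_SHA256:-}" ]]; then
  printf '%s  %s\n' "$PXE_ISO_SHA256" lte.iso | sha256sum -c - \
    || die "SHA-256 mismatch for downloaded ISO"
else
  printf 'warning: PXE_ISO_SHA256 not set; ISO integrity was not verified\n' >&2
fi

# Mount it (read-only loop mount)
mkdir -p "$iso_mount"
mount -o loop,ro ./lte.iso "$iso_mount"

# Create dir for version
mkdir -p /srv/tftp/lte

# Copy Linux init files
cp "${iso_mount}/casper/vmlinuz" /srv/tftp/lte/
cp "${iso_mount}/casper/initrd" /srv/tftp/lte/

# Unmount iso
umount "$iso_mount"

# Get loader from shim-signed (exact package name rather than a pattern, so
# apt cannot select a different package)
apt-get download shim-signed
dpkg-deb --fsys-tarfile ./shim-signed_*.deb | tar -x
cp ./usr/lib/shim/shimx64.efi.signed.latest /srv/tftp/bootx64.efi

# Get signed grub from grub-efi-amd64-signed
apt-get download grub-efi-amd64-signed
dpkg-deb --fsys-tarfile ./grub-efi-amd64-signed_*.deb | tar -x
cp ./usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed /srv/tftp/grubx64.efi

# Create grub directory
mkdir -p /srv/tftp/grub

# Configure grub
cat >/srv/tftp/grub/grub.cfg <<EOL
default=go
timeout=30
timeout_style=menu
menuentry "Partytime!" --id=go {
linux /lte/vmlinuz ip=dhcp url=http://${pxe_server_ip}/lte.iso noprompt noeject
echo "Initializing party mode.."
initrd /lte/initrd
}
EOL

# Restart services
service dnsmasq restart
service xinetd restart

# Run HTTP server for serving iso, bound to the PXE address only so the
# directory is not exposed on the machine's other interfaces
mv ./lte.iso /srv/tftp/lte/
cd /srv/tftp/lte/ || die "cannot cd to /srv/tftp/lte/"
python3 -m http.server 80 --bind "$pxe_server_ip"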