openstack/ironic
Code Issues Proposed changes

Merge "docs: add some additional context around iPXE and secure boot"

Browse Source
This commit is contained in:
Zuul 2024-06-12 15:02:43 +00:00 committed by Gerrit Code Review
commit 89dae21abb
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/source/install/configure-pxe.rst
View File

@ -140,6 +140,9 @@ In order to deploy instances with PXE on bare metal nodes which support
UEFI, perform these additional steps on the ironic conductor node to configure UEFI, perform these additional steps on the ironic conductor node to configure
the PXE UEFI environment. the PXE UEFI environment.
.. NOTE:: Most commercial Linux distributions have signed shim and grub
binaries, which are required for Secure Boot.
#. Install Grub2 and shim packages: #. Install Grub2 and shim packages:
Ubuntu (18.04LTS and later):: Ubuntu (18.04LTS and later)::
@ -260,6 +263,12 @@ on the Bare Metal service node(s) where ``ironic-conductor`` is running.
work, you can download a prebuilt one from http://boot.ipxe.org or build work, you can download a prebuilt one from http://boot.ipxe.org or build
one image from source, see http://ipxe.org/download for more information. one image from source, see http://ipxe.org/download for more information.
.. note::
The Ironic project is unaware of any vendor signed iPXE binaries to enable
use of iPXE with Secure Boot, unless you have implemented your own Secure
Boot key signing and support for the Machine Owner Key settings on
individual baremetal nodes.
#. Copy the iPXE boot image (``undionly.kpxe`` for **BIOS** and #. Copy the iPXE boot image (``undionly.kpxe`` for **BIOS** and
``ipxe.efi`` for **UEFI**) to ``/tftpboot``. The binary might ``ipxe.efi`` for **UEFI**) to ``/tftpboot``. The binary might
be found at: be found at: