You are not logged in.

#1 2018-06-03 12:21:48

sweetpete
Member
Registered: 2018-06-03
Posts: 1

dnsmasq PXE boot problem on UEFI

I have a strange problem when trying to PXE boot. I'm using dnsmasq-2.79-1.

When I try to PXE boot a BIOS system with the dnsmasq.conf attached below, the PXE boot manager will show me two entries and ask which one I want to boot:
PXELINUX (BIOS)
PXELINUX (0000-BIOS)

The boot manager will wait until I select one of the entries. If I comment out either the "pxe-service=x86PC" or the "pxe-service=0" entry and restart dnsmasq, my PXE BIOS will autoboot the one remaining entry just fine.

When I try the same thing on an UEFI machine, something strange will happen. The EFI PXE boot manager will show:
PXELINUX (X86-64_EFI)
PXELINUX (0007-EFI)

Selecting either one of the entries will work and boot the select entry just fine.

Using wireshark I found out that the PXE client sends "option (93): Client System Architecture: EFI BC (7)" to my PXE server. According to RFC4578: "EFI BC = 7" and "EFI x86_64 = 9", so the two values might be in the wrong order in dnsmasq.

dnsmasq/src/option.c:

char *CSA[] = { "x86PC", "PC98", "IA64_EFI", "Alpha", "Arc_x86", "Intel_Lean_Client",
			 "IA32_EFI", "x86-64_EFI", "Xscale_EFI", "BC_EFI",
			 "ARM32_EFI", "ARM64_EFI", NULL };

However, the even more strange thing is: If I comment out either the "pxe-service=X86_64-EFI" or the "pxe-service=7" line and restart dnsmasq, then dnsmasq will not send out any boot entry and network boot will fail.

Since the PXE boot is supposed to happen on a PC without a keyboard attached, I can't select one of the two entries and press <enter>. If just one entry would be present, the system could autoboot. But removing one of the two entries will just break the whole system and dnsmasq will not submit any entry any more to the client (checked with wireshark), so PXE boot will fail on UEFI.

(Using "dhcp-boot=efi64/syslinux.efi" will work, but since the PXE server should be able to server both BIOS and UEFI systems I can't use it, so I have to use "pxe-service")
(I don't think it's a problem with syslinux, since wireshark tells me that dnsmasq doesn't submit any boot image filename to the client and tftp log doesn't show me any access)

dnsmsaq.conf:

listen-address=10.0.20.1
interface=internal0
bind-interfaces

dhcp-range=10.0.20.100,10.0.20.200,5m

enable-tftp
tftp-root=/srv/tftp

pxe-service=x86PC, "PXELINUX (BIOS)", "bios/lpxelinux.0"
pxe-service=X86-64_EFI, "PXELINUX (X86-64_EFI)", "efi64/syslinux.efi"
pxe-service=BC_EFI, "PXELINUX (BC-EFI)", "efi64/syslinux.efi"

pxe-service=0, "PXELINUX (0000-BIOS)", "bios/lpxelinux.0"
pxe-service=1, "PXELINUX (0001-EFI)", "efi64/syslinux.efi"
pxe-service=2, "PXELINUX (0002-EFI)", "efi64/syslinux.efi"
pxe-service=3, "PXELINUX (0003-EFI)", "efi64/syslinux.efi"
pxe-service=4, "PXELINUX (0004-EFI)", "efi64/syslinux.efi"
pxe-service=5, "PXELINUX (0005-EFI)", "efi64/syslinux.efi"
pxe-service=6, "PXELINUX (0006-EFI)", "efi64/syslinux.efi"
pxe-service=7, "PXELINUX (0007-EFI)", "efi64/syslinux.efi"
pxe-service=8, "PXELINUX (0008-EFI)", "efi64/syslinux.efi"
pxe-service=9, "PXELINUX (0009-EFI)", "efi64/syslinux.efi"

Edit/Update 1:
Just read the dnsmasq changelog:

Swap the values if BC_EFI and x86-64_EFI in --pxe-service.
These were previously wrong due to an error in RFC 4578.
If you're using BC_EFI to boot 64-bit EFI machines, you
will need to update your config.

Workaround problems with UEFI PXE clients. There exist
in the wild PXE clients which have problems with PXE
boot menus. To work around this, when there's a single
--pxe-service which applies to client, then that target
will be booted directly, rather then sending a
single-item boot menu.

Obviously there are also some in the wild clients which have problems without a menu...

Last edited by sweetpete (2018-06-03 13:34:43)

Offline

#2 2021-08-02 14:38:12

usbpc
Member
Registered: 2021-08-02
Posts: 5

Re: dnsmasq PXE boot problem on UEFI

I think I stumbled onto the same bug you experienced today. I don't have a perfect solution to the problem, but I think I found some more information that could be useful for others having the same problem in the future.

For me a working configuration is this:

port=0
interface=eth0
except-interface=wlan0
dhcp-range=10.0.0.50,10.0.0.150,12h
enable-tftp
tftp-root=/mnt/data/netboot
pxe-service=x86-64_EFI,"PXELINUX (EFI)",efi64/syslinux.efi
pxe-service=7,"PXELINUX (EFI)",efi64/syslinux.efi
log-queries
log-facility=/var/log/dnsmasq.log

But removing any one of the two pxe-service options breaks it. Not displaying any boot menu, and also not straight up booting into the only option.

Part of that is intended, from what I gathered (I didn't read through all the dnsmasq mailing list), it seems that PXE UEFI boot was completly broken in 2016, and a few people figured out a patch that worked for all systems that they had access to, and the maintainer of dnsmasq accepted it (https://lists.thekelleys.org.uk/piperma … 10520.html).
However what they implemented, is that when only one menu entry would be present, they skip sending it as a menu, and only send it another way (sorry that I'm not more concrete, but I don't fully understand it myself yet). But as soon as there are two or more menu entries for the PXE UEFI to display, they have to send it, so they do.
That explains at least why there is such a different behaviour for having only one menu entry present, compared to having at least two menu entries present.

But as evident by @sweetpete and my attempts, this "other way" dosen't work with all PXE UEFI boot implementations.

From looking at the source for dnsmasq the same patch still seems to be active in the same way:
https://thekelleys.org.uk/gitweb/?p=dns … =HEAD#l966
https://thekelleys.org.uk/gitweb/?p=dns … HEAD#l2143

Although not the solution, I hope this will help someone in the future.

Offline

Board footer

Powered by FluxBB