ipxe.lkrn BIOS TLS issue

topcat01 · 2019-09-17 06:11:15

Hi, I prepared a USB netboot image following the netboot wiki: https://wiki.archlinux.org/index.php/Netboot
The ipxe.lkrn is from: https://www.archlinux.org/static/netboo … 7b45a.lkrn
The system is BIOS based.

The ipxe.lkrn image boots successfully but when it tries to access https://www.archlinux.org/releng/netboot/archlinux.ipxe it fails with "Operation not permitted". IPXE shows the error url http://ipxe.org/410de13c which points to a TLS issue (Fatal alert).
Not sure how to proceed. The networking seems to be working fine. Typing route at the ipxe prompt shows an ip address has been assigned. Is there a certificate issue with ipxe.lkrn?

PiousMinion · 2019-09-19 06:46:23

I have the same problem with the EFI image.
I've tested on bare metal and a VM.

ipxe.org suggests it may be TLS certificate related. Perhaps an update to the ipxe image is in order? I have no idea.

Lone_Wolf · 2019-09-19 13:06:06

Netboot images are maintained by the release engineering people.

You might want to file a bug report for "Release Engineering" or post to the arch-releng ML about this.

topcat01 · 2019-10-01 22:06:51

Done!

https://lists.archlinux.org/pipermail/a … 03925.html

qupfer · 2019-10-24 09:29:04

I played a bit around and found a (dirty) solution.
Just add the script in the pxe directly (using this https://aur.archlinux.org/packages/ipxe-netboot and modify the arch.ipxe file and the PKBUILD file to skip the checksum check.
my ipxe.pxe

If I link to a file on my site, the same error occurs. So its probably al TLS thing (no matching Cipher....) and not an invalid certificate. Linking to a plain http source works well.

Last edited by qupfer (2019-10-24 09:30:03)

callmejoe · 2019-11-09 15:07:38

qupfer wrote:

I played a bit around and found a (dirty) solution.
Just add the script in the pxe directly (using this https://aur.archlinux.org/packages/ipxe-netboot and modify the arch.ipxe file and the PKBUILD file to skip the checksum check.
my ipxe.pxe
If I link to a file on my site, the same error occurs. So its probably al TLS thing (no matching Cipher....) and not an invalid certificate. Linking to a plain http source works well.

i'm having the same issue but i am not sure how to implement your solution.

enc · 2019-12-08 21:38:33

callmejoe wrote:

qupfer wrote:
I played a bit around and found a (dirty) solution.
Just add the script in the pxe directly (using this https://aur.archlinux.org/packages/ipxe-netboot and modify the arch.ipxe file and the PKBUILD file to skip the checksum check.
my ipxe.pxe
If I link to a file on my site, the same error occurs. So its probably al TLS thing (no matching Cipher....) and not an invalid certificate. Linking to a plain http source works well.
i'm having the same issue but i am not sure how to implement your solution.

Yep it works over HTTP. iPXE does not like the archlinux.org TLS certificate for some reason. So if you download archlinux.ipxe and store it on your either local or remote webserver - it works.

I just did:
1) wget https://www.archlinux.org/releng/netboot/archlinux.ipxe
2) python3 -m http.server 80
3) (when you get prompt in iPXE after error type:) chain http;//192.168.xxx.xxx/archlinux.ipxe

How weird it still has not been fixed : (

lrz · 2019-12-12 09:02:23

I confirm the issue and enc solution's works well.

Arch Linux

#1 2019-09-17 06:11:15

ipxe.lkrn BIOS TLS issue

#2 2019-09-19 06:46:23

Re: ipxe.lkrn BIOS TLS issue

#3 2019-09-19 13:06:06

Re: ipxe.lkrn BIOS TLS issue

#4 2019-10-01 22:06:51

Re: ipxe.lkrn BIOS TLS issue

#5 2019-10-24 09:29:04

Re: ipxe.lkrn BIOS TLS issue

#6 2019-11-09 15:07:38

Re: ipxe.lkrn BIOS TLS issue

#7 2019-12-08 21:38:33

Re: ipxe.lkrn BIOS TLS issue

#8 2019-12-12 09:02:23

Re: ipxe.lkrn BIOS TLS issue

Board footer