Unified Extensible Firmware Interface (UEFI) pre-boot environments
Citrix Virtual Apps and Desktops supports Unified Extensible Firmware Interface (UEFI) hardware technology on Hyper-V (Generation 2) and ESX VMs. These elements are managed using SCVMM and vCenter respectively and streamed using Citrix Provisioning. This functionality enables you to:
- Stream the server operating system at startup time using Gb network speeds, so users experience faster startups.
- Support TB disks in a virtualized environment.
UEFI is a complete replacement for the BIOS and requires a new bootstrap. Two bootstraps are available: one for 32-bit and one for 64-bit systems. The introduction of another bootstrap complicates network topologies depending upon how the bootstrap is delivered.
When configuring UEFI, consider:
- The operating system disk used for the UEFI VM requires the GUID Partition Table (GPT).
- When installing an operating system that uses UEFI, Windows automatically configures it for GPT.
The UEFI target boot menu supports a maximum of nine entries.
Secure boot in UEFI
Citrix Provisioning supports Secure Boot in UEFI on these platforms:
- Physical machines with UEFI firmware and the Secure Boot option.
- Hyper-V 2016 and later VMs that use the Microsoft UEFI Certificate Authority template in the Secure Boot setting. Hyper-V 2012 R2 is not supported.
- Hyper-V 2016 and newer versions.
- ESX must use version 6.5 or newer.
- Guest UEFI boot and Secure Boot are supported on Citrix Hypervisor 8.1. See the Citrix Hypervisor documentation for more information.
Secure boot is supported on physical machines that support UEFI.
Using a PXE server allows for the simplest topology because the PXE protocol supports multiple architectures. The Citrix Provisioning PXE Server recognizes the architecture flag embedded in DHCP, then discovers and returns the appropriate bootstrap file name. Both legacy BIOS computers and UEFI computers can therefore be on the same network segment.
If DHCP option 67 is chosen, there are two topology options:
- On a single segment, use DHCP reservations to specify the bootstrap file name (option 67) for every target device. This process is feasible for smaller environments but quickly becomes unmanageable in enterprise environments.
- Divide the environment into multiple segments, isolating the legacy devices from the UEFI devices. For each segment, configure a DHCP scope with the appropriate option 67 set.
The UEFI bootstrap cannot have embedded settings. DHCP options are therefore used to configure the UEFI bootstrap.
Option 11 allows you to specify multiple IPv4 addresses. Use this option to specify the addresses of the streaming NICs on the provisioning server. You can specify more than four addresses. The UEFI bootstrap reads all addresses then uses round-robin to select one address to connect to.
Option 17 takes precedence over option 11.
The Root Path option is typically used with iSCSI to specify the server and virtual disk to start. Citrix Provisioning uses the following format to specify the server address, built from these fields:
- pvs – Required identifier
- IPv4 – Address of a streaming NIC on the Provisioning Services server
- 17 – Protocol identifier for UDP (required if a logon port is specified)
- port – Logon port (not required if the default port of 6910 is used)
Associating a target device with a bootstrap
Use the BOOTPTAB file to associate a target device with a specific bootstrap. The following considerations apply to the format of the BOOTPTAB file in a mixed legacy and UEFI environment:
- The ar tag specifies the architecture of the target device's boot environment. You can make multiple entries for the same MAC address with different architectures. This tag is useful for hardware that supports both legacy BIOS and UEFI booting.
- Wildcards are not supported. If an entry for a given MAC address is not found in the BOOTPTAB file, a default value is used.
The following table lists the architectures for BOOTPTAB (columns: architecture, bootstrap file name; the entries include EBC, for VMware ESX).
The BOOTPTAB file is still needed even if PXE is used.
The full list of architectures is available from the IETF.
The format of the BOOTPTAB file is:
If the architecture flag is missing, 0 is the default value.
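As an added illustration (not Citrix code) of the selection logic described above, the following Python parses the architecture flag (DHCP option 93, the Client System Architecture option from the IETF registry) and the option 11 server list from a constructed DHCP option field, then performs a BOOTPTAB-style lookup keyed by MAC address and architecture. The bootstrap file names are assumed placeholders, and a missing flag defaults to 0 as the page states.

```python
import struct
from typing import Dict, List, Tuple

# Client System Architecture codes from the IETF registry (RFC 4578), carried in
# DHCP option 93: 0 = legacy BIOS, 6 = x86 UEFI, 7 = x64 UEFI, 9 = EBC (VMware ESX).
# Constructed default bootstrap names per architecture (assumption, not Citrix's own).
DEFAULT_BOOTSTRAP = {0: "bios-bootstrap.bin", 6: "uefi-ia32.efi",
                     7: "uefi-x64.efi", 9: "uefi-x64.efi"}

def parse_dhcp_options(options: bytes) -> Dict[int, bytes]:
    """Parse the TLV option area of a DHCP message (the bytes after the magic cookie)."""
    result: Dict[int, bytes] = {}
    i = 0
    while i < len(options):
        code = options[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        length = options[i + 1]
        result[code] = options[i + 2:i + 2 + length]
        i += 2 + length
    return result

def client_architecture(opts: Dict[int, bytes]) -> int:
    """Architecture flag from option 93; if absent, 0 (legacy BIOS) is the default."""
    raw = opts.get(93)
    if raw is None or len(raw) < 2:
        return 0
    return struct.unpack("!H", raw[:2])[0]   # first listed architecture, big-endian

def streaming_servers(opts: Dict[int, bytes]) -> List[str]:
    """Option 11 carries one or more IPv4 addresses of the server's streaming NICs."""
    raw = opts.get(11, b"")
    return [".".join(str(b) for b in raw[i:i + 4]) for i in range(0, len(raw) - 3, 4)]

def choose_bootstrap(table: Dict[Tuple[str, int], str], mac: str, arch: int) -> str:
    """BOOTPTAB-style lookup keyed by (MAC, architecture): several entries may share a
    MAC with different architectures; no wildcards, so a miss falls back to the default."""
    return table.get((mac.lower(), arch), DEFAULT_BOOTSTRAP.get(arch, DEFAULT_BOOTSTRAP[0]))

# Constructed option bytes: option 93 = 0x0007 (x64 UEFI), option 11 = two IPv4 addresses.
SAMPLE_OPTIONS = bytes([93, 2, 0x00, 0x07, 11, 8, 10, 0, 0, 1, 10, 0, 0, 2, 255])
```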