Unified Extensible Firmware Interface (UEFI) pre-boot environments
Citrix Virtual Apps and Desktops supports Unified Extensible Firmware Interface (UEFI) hardware technology on Hyper-V (Generation 2) and ESX VMs. These elements are managed using SCVMM and vCenter respectively and streamed using Citrix Provisioning. This functionality enables you to:
- Stream the server operating system at startup time using gigabit network speeds, so users experience faster startups.
- Support TB disks in a virtualized environment.
UEFI is a complete replacement for the BIOS and requires a new bootstrap. Two bootstraps are available: one for 32-bit and one for 64-bit systems. The introduction of another bootstrap complicates network topologies depending upon how the bootstrap is delivered.
Secure Boot in UEFI
Citrix Provisioning supports Secure Boot in UEFI on these platforms:
- Physical machines with UEFI firmware and the Secure Boot option.
- Hyper-V 2016 and later VMs that use the Microsoft UEFI Certificate Authority template in the Secure Boot setting. Hyper-V 2012 R2 is not supported.
- ESX UEFI with Secure Boot.
Using a PXE server allows for the simplest topology because the PXE protocol works with multiple architectures. The Citrix Provisioning PXE Server recognizes the architecture flag embedded in the DHCP, then discovers and returns the appropriate bootstrap filename. Both legacy BIOS computers and UEFI computers may therefore be on the same network segment.
If DHCP option 67 is chosen, there are two topology options:
- On a single segment, use DHCP reservations to specify the bootstrap filename (option 67) for every target device. This process is feasible for smaller environments but quickly scales out of hand for enterprise environments.
- Divide the environment into multiple segments, isolating the legacy devices from the UEFI devices. For each segment, configure a DHCP scope with the appropriate option 67 set.
The UEFI bootstrap cannot have embedded settings. DHCP options are therefore used to configure the UEFI bootstrap.
DHCP Option 11 – RLP Server
Option 11 allows you to specify multiple IPv4 addresses. Use this option to specify the addresses of the streaming NICs on the provisioning server. You can specify more than four addresses. The UEFI bootstrap reads all addresses then uses round-robin to select one address to connect to.
Option 17 takes precedence over option 11.
DHCP Option 17 – Root Path
The Root Path option is typically used with iSCSI to specify the server and virtual disk to start. Citrix Provisioning uses the following format to specify the server address:
pvs:[IPv4]<:17:6910> pvs – Required identifier IPv4 – Address of a streaming NIC on the Provisioning Services server 17 – Protocol identifier for UDP (required if a logon port is specified) port – Logon port (not required if the default port of 6910 is used)
pvs:[server.corp.com]:17:6910 pvs:[server.corp.com] pvs:[192.168.1.1] pvs:[192.168.1.1]:17:6910
Associating a target device with a bootstrap
Use the BOOTPTAB file to associate a target device with a specific bootstrap. The following issues apply to the format of the BOOTPTAB file to support mixed legacy and UEFI environment:
- The ‘ar’ tag specifies the architecture of the target device’s boot environment. You can make multiple entries for the same MAC address but different architectures. This is useful for hardware supporting both legacy BIOS and UEFI booting.
- Wildcards are not supported. If an entry for a given MAC address is not found in the BOOTPTAB file, a default value is used.
The following table lists the architectures for BOOTPTAB:
|Value||Architecture||Bootstrap file name|
|9||EBC (for VMware ESX)||pvsnbpx64.efi|
The full list of architectures is available from the IETF.
The format of the BOOTPTAB file is:
If the architecture flag is missing, 0 is the default value.