Product Documentation

Configuring UEFI Bootstrap

Sep 28, 2016

Provisioning Services (PVS) supports UEFI pre-boot environments. With this support, target devices stream at startup over gigabit network speeds, which improves the user experience, and can use disks exceeding 2 TB.

UEFI implementation with two bootstraps

UEFI is a complete replacement for the BIOS and requires a new bootstrap. This functionality consists of platform-dependent bootstraps: currently one for x86 platforms and one for x64 platforms. The introduction of another bootstrap complicates network topologies, depending on how the bootstrap is delivered. This article provides guidance for implementing this functionality.

Network topology

Using a PXE server allows for the simplest topology because the PXE protocol is designed to work with multiple architectures. The PVS PXE server has been updated to recognize the architecture flag embedded in the DHCP discover process and, as a result, returns the appropriate bootstrap filename. This enhancement enables both legacy BIOS computers and UEFI computers to be located on the same network segment.

With DHCP option 67 (the BootFile Name), two topology options exist:

  • On a single network segment, use DHCP reservations to specify the bootstrap filename (option 67) for each and every target device.

This approach is feasible for smaller environments, but it quickly becomes difficult to implement in large, enterprise environments.

  • Divide the environment into multiple network segments to isolate the legacy devices from UEFI devices. For each segment, configure a DHCP server with the appropriate Option 67 set.

Configuring bootstraps

There are no changes to the legacy bootstrap; it is configured in the same fashion as other bootstrap configurations. That is, it is configured using the same Configure Bootstrap option on a PVS server's context menu.

To support compatibility with SecureBoot in a future release, the UEFI bootstrap cannot possess embedded settings like the legacy bootstrap because no modification is allowed after the bootstrap is certified for SecureBoot. Therefore, DHCP options are used to deliver settings to the UEFI bootstrap.

Setting the DHCP option for RLP server

Setting the DHCP option for RLP server (option 11) allows you to specify multiple IPv4 addresses. This option specifies the addresses of the streaming NICs on the PVS server. When configuring this option, you can specify up to 32 addresses. The UEFI bootstrap reads all addresses, then uses a round-robin process to select one address for the connection.

Setting the DHCP option for root path

The root path option (option 17) is typically used with iSCSI to specify the server and the virtual disk to boot. PVS uses the following format to specify the server address:

pvs:[IPv4]<:17:6910>

pvs - Required identifier

IPv4 - Address of a streaming NIC on the PVS server

17 - Protocol identifier for UDP, required if the logon port is specified

6910 - Represents the login port; this field is not required if the default port (6910) is used.

For example:

pvs:[server.corp.com]:17:6910

pvs:[server.corp.com]

pvs:[10.2.3.4]

pvs:[10.2.3.4]:17:6910

An alternative format uses a hostname instead of an IP address. If the DHCP option is set to DHCP Server (option 15), the UEFI bootstrap performs a DNS lookup to resolve the hostname to an IP address. In addition, DNS round robin, in combination with a record for each PVS server, may be used to distribute login connections across all PVS servers in the site.

pvs:[hostname]:17:6910

pvs - Required identifier

hostname - This required field represents the hostname of the PVS server you are connecting to

17 - Protocol identifier for UDP, required if the logon port is specified

6910 - Represents the login port; this field is not required if the default port (6910) is used.

When setting the DHCP option for root path selection, use the format pvs:[IPv4]<:17:6910> or pvs:[hostname]<:17:6910>:

Fields in [ ] are required; fields in < > are optional.


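The root path format above, as an added example that is not part of the Citrix documentation: a Python validator for option 17 values that enforces the pvs:[host]<:17:port> rules (brackets required, protocol identifier 17 required whenever a port is given, default login port 6910) and reports whether the bootstrap would need a DNS lookup for the host. The parse_root_path and is_valid_root_path names are this example's own.

```python
import ipaddress
import re
from dataclasses import dataclass

# Values named in the PVS root path format: UDP protocol identifier and default login port.
UDP_PROTOCOL_ID = 17
DEFAULT_LOGIN_PORT = 6910

# pvs:[host]          -> host only, default login port
# pvs:[host]:17:6910  -> host, UDP identifier, explicit login port
_ROOT_PATH_RE = re.compile(r"^pvs:\[([^\]]+)\](?::(\d+):(\d+))?$")
_HOSTNAME_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*")


@dataclass(frozen=True)
class PvsRootPath:
    host: str
    port: int
    needs_dns: bool  # True when host is a hostname, so the bootstrap must resolve it


def parse_root_path(value: str) -> PvsRootPath:
    """Parse a DHCP option 17 value in PVS format; raise ValueError if it is malformed."""
    m = _ROOT_PATH_RE.match(value.strip())
    if not m:
        raise ValueError(f"not in pvs:[host]<:17:port> form: {value!r}")
    host, proto, port = m.groups()
    # The protocol identifier is only accepted as 17 (UDP) and only alongside a port.
    if proto is not None and int(proto) != UDP_PROTOCOL_ID:
        raise ValueError(f"protocol identifier must be {UDP_PROTOCOL_ID}, got {proto}")
    port_num = int(port) if port is not None else DEFAULT_LOGIN_PORT
    if not 1 <= port_num <= 65535:
        raise ValueError(f"login port out of range: {port_num}")
    # An IPv4 literal is used directly; anything else must be a resolvable hostname.
    try:
        ipaddress.IPv4Address(host)
        needs_dns = False
    except ipaddress.AddressValueError:
        if not _HOSTNAME_RE.fullmatch(host):
            raise ValueError(f"host is neither IPv4 nor a valid hostname: {host!r}")
        needs_dns = True
    return PvsRootPath(host=host, port=port_num, needs_dns=needs_dns)


def is_valid_root_path(value: str) -> bool:
    """Convenience check for validating a scope or reservation value before applying it."""
    try:
        parse_root_path(value)
        return True
    except ValueError:
        return False
```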
BOOTPTAB file changes

The format of the BOOTPTAB file has changed to support mixed legacy and UEFI environments. These updates include:

  • The inclusion of the ar tag to specify the architecture of the target device's boot environment. You can now include multiple entries for the same MAC address but different architectures.

The ar tag is beneficial in environments with hardware supporting both legacy BIOS and UEFI booting.

  • Wildcards are no longer supported. If an entry for a given MAC address is not found in the BOOTPTAB file, then the registry is searched for an appropriate value for the architecture. If neither is found, a default value is used.

Disable SecureBoot

PVS supports UEFI SecureBoot, but Microsoft Hyper-V does not support multiple SecureBoot root certificates. Hyper-V Generation 2 VMs enable SecureBoot by default, so it must be disabled for each of these VM types.

Note

Physical UEFI computers do not experience problems supporting SecureBoot.

UEFI features not implemented

Due to architectural differences between legacy BIOS and UEFI systems, some features of PVS are not implemented: BDM (Boot Device Manager) and the boot menu.

vDisk versioning makes use of the boot menu to select which type of vDisk (maintenance, test, or production) to boot. Because the boot menu is not available on UEFI, if there are multiple test versions available, the system automatically selects the highest version.

Note

If a maintenance device boots, it will take either the maintenance version, highest test version, or a production version depending on what is available. If updates are applied while the maintenance device is streaming a test or production vDisk, the changes will be lost on reboot.