Create UEFI HTTP Boot URLs
Newer servers support UEFI HTTP Boot. For each meltcloud-generated iPXE Boot Artifact, you can generate URLs that can be used for direct boot by UEFI HTTP Boot capable servers.
For details, see Boot Sequence – Option 3: Boot via UEFI HTTP(S) Boot from meltcloud platform.
Create a UEFI HTTP Boot URL
- Create an iPXE Boot Artifact first.
- Go to the created artifact, then select the tab → UEFI HTTP Boot URLs
- Configure the properties as desired:
Property | Description | Default | Can be changed after creation |
---|---|---|---|
Name | User defined name for the UEFI HTTP Boot URL | - | No |
Expires at | Date when the URL becomes invalid | in 365 days | No |
Protocols | Which protocols (HTTPS, HTTP, both) should be supported for the URL. See HTTP vs HTTPS below for considerations. | HTTPS only | No |
- Hit Create UEFI HTTP Boot URL.
Once created, you will find generated URLs for the various protocols and architectures for further use.
WARNING
Be aware that UEFI HTTP Boot URLs contain a secure token. Make sure you transfer and store your URLs securely and rotate them regularly – you can create multiple URLs for seamless rotation.
HTTP vs HTTPS
Since the URL contains a secure token and will distribute the iPXE Boot Artifact, which contains sensitive key material, you must only use HTTP if you connect to the meltcloud platform over a secure channel. In all other cases – for example, if you reach meltcloud over the internet – you must use HTTPS.
Be aware that the UEFI environment of most servers is based on Intel's open source EDK2 framework. This environment has the following restrictions regarding HTTP and HTTPS boot:
- By default, in EDK2, HTTP boot is disabled (only HTTPS works). Most vendors have explicitly enabled it, though. If using HTTP, check that it is supported by your vendor.
- If you want to use HTTPS, you have to distribute the root CA of the meltcloud platform certificate (since UEFI environments don't contain any trusted CAs by default). This can usually be done either in the IPMI/BIOS or via an API like Redfish.
Configure the DHCP server for UEFI HTTP Boot
You can provide the URL for UEFI HTTP Boot to your server via a DHCP option. An example for dnsmasq:

```
...
# define an IP range for DHCP
dhcp-range=<ip-from>,<ip-to>,<mask>,<lease-time>
# default DHCP options for gateway and DNS
dhcp-option=option:router,<gateway-ip>
dhcp-option=option:dns-server,<dns-ip>
dhcp-option=option:ntp-server,<ntp-ip>
# Select architecture.
dhcp-match=set:arch_x64,option:client-arch,16
# Send boot URL as boot file
dhcp-boot=tag:arch_x64,https://app.meltcloud.io/boot/uefi/10/amd64/K5a...
# Send HTTPClient as vendor DHCP option in the DHCP response.
# If this is not set, most UEFI HTTP Boot servers will just ignore the DHCPOffer and time out.
dhcp-pxe-vendor=HTTPClient
dhcp-option-force=tag:arch_x64,option:vendor-class,HTTPClient
...
```
Be aware that most BIOSes also allow you to enter a UEFI HTTP Boot URL manually as a boot option. This allows you to verify that your server supports UEFI HTTP Boot before you go ahead and configure the DHCP server.
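
Because the boot URL in the dnsmasq configuration carries the secure token, it helps to lint the file before deploying it. The following is an added example, not meltcloud's own tooling: it flags `dhcp-boot` URLs that use plain HTTP and tags that lack the forced `HTTPClient` vendor class described above. The function names, finding codes and sample host, path and token are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample; host, path and token are placeholders, not real values.
SAMPLE = """\
dhcp-match=set:arch_x64,option:client-arch,16
dhcp-boot=tag:arch_x64,http://boot.example.internal/boot/uefi/0/amd64/TOKEN-PLACEHOLDER
dhcp-option-force=tag:arch_x64,option:vendor-class,HTTPClient
dhcp-match=set:lab_x64,option:client-arch,16
dhcp-boot=tag:lab_x64,https://boot.example.internal/boot/uefi/0/amd64/TOKEN-PLACEHOLDER
"""

def parse(line):
    """Split one 'key=value' dnsmasq line into (key, tags, other fields)."""
    key, _, value = line.partition("=")
    fields = [f.strip() for f in value.split(",")]
    tags = [f[4:] for f in fields if f.startswith("tag:")]
    return key.strip(), tags, [f for f in fields if not f.startswith("tag:")]

def audit(config_text):
    """Return (line number, tag, finding) for each risky UEFI HTTP Boot entry."""
    boots, forced = [], set()
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, tags, rest = parse(line)
        if key == "dhcp-boot" and rest:
            scheme = urlsplit(rest[0]).scheme.lower()
            if scheme in ("http", "https"):
                boots.append((lineno, tags or [None], scheme))
        elif key == "dhcp-option-force" and rest[:2] == ["option:vendor-class", "HTTPClient"]:
            forced.update(tags or [None])  # None: the option applies to every client
    findings = []
    for lineno, tags, scheme in boots:
        for tag in tags:
            if scheme == "http":
                # Token and artifact travel in cleartext; only acceptable on a secure channel.
                findings.append((lineno, tag, "cleartext-token"))
            if tag not in forced and None not in forced:
                # Without the forced vendor class, most clients ignore the offer.
                findings.append((lineno, tag, "no-forced-httpclient-vendor-class"))
    return findings

if __name__ == "__main__":
    for lineno, tag, finding in audit(SAMPLE):
        print(f"line {lineno} [{tag}]: {finding}")
```

A `cleartext-token` finding is not automatically an error: it marks the entries where you need to confirm that the path to the platform is a secure channel.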