Boota Windows10 i SecureBoot över PXE hostat på Linux maskin, möjligt?

Trädvy Permalänk
Prag, Czech Republic
Aug 2006

Boota Windows10 i SecureBoot över PXE hostat på Linux maskin, möjligt?


Finns det någon gratis lösning för att köra Windows10 installationer över PXE boot från en Linux server? (med UEFI/SecureBoot påslaget, det är ett krav där jag jobbar).
Dvs alltså boota en WinPE miljö.
Det går ju att göra via Windows server men pga licens kostnader så letar jag efter en Open Source lösning på det hela.

Jag hittade detta: men jag ser inte att Windows 8.1 eller 10 verkar vara supportat.


Trädvy Permalänk
Sep 2013


För 6-7 år sen lade jag en del tid på att fixa installation av Windows 7 över PXE. Jag tyckte de guider jag hittade på nätet var lite sisådär så jag skrev ihop en egen utifrån dem.

Jag vågar inte uttala mig om något av det du faktiskt frågar efter (Windows 10, UEFI, Secure Boot) men jag gissar att många av de principer jag beskrivit fortfarande är applicerbara.

Kanske kan min gamla skruttiga guide (som då det begav sig fungerade perfekt) vara till hjälp som referensmaterial. Läsbarheten försämrades en hel del när jag "konverterade" från HTML till TXT, men kan skicka orginalet till dig via PM om du önskar.


With a DCHP server installed it's not a bad idea to install a TFTP server. Together, this software will allow you to boot and install machines via your LAN.
PXE Installation
PXE is not a server, but an environment made up by a DHCP- and TFT-server working together. If you've been following my guide you should have a DHCP server installed already, but we still need a TFTP server and some files made available by the syslinux package.
# sudo aptitude install tftpd-hpa syslinux
Basic PXE Configuration
1. First, we need to review the configuration of our dhcp server, /etc/dhcp/dhcpd.conf. Find the "subnet" section and add the two lines, here in bold type:
subnet netmask {
   interface eth1;
   filename "pxelinux.0";
   option routers
2. Now for the boot options! Let's start out simple and only add a "localboot" option. It won't allow you to actually netboot anything, but it's an easy way to make sure that the dhcp- and tftp-servers are running properly. First, make the following two files available for download.
# sudo mkdir -p /srv/tftp/pxelinux.cfg
# sudo cp /usr/lib/syslinux/pxelinux.0 /srv/tftp/
# sudo cp /usr/lib/syslinux/menu.c32 /srv/tftp/
3. The PXE boot configuration is stored in /srv/tftp/pxelinux.cfg/default. Lets go ahead and create that file:
DEFAULT menu.c32

LABEL Localboot
   localboot -1
4. Lastly, restart the DHCP- and TFTP server
# sudo /etc/init.d/isc-dhcp-server restart
# sudo /etc/init.d/tftpd-hpa restart
Adding Boot Images to the PXE Environment
Ghost 4 Linux
Windows 7
Oh man, this one is a bit more work than the others, so read this first: The soft- and hardware compatability of the PE (Preinstallation environment) we are going to use is rather sparse. For example; you are going to have to add network drivers for each client machine manually, and if you build the PE for the x86 architecture, you wont be able to run amd64 software (and vice versa [sic]).
So, unless you're planning to reinstall Windows 7 every day, you're probably better off creating a bootable USB key using YUMI.
Windows 7 Preparations
It's important you understand that we will not be booting Windows 7. What we are going to do is to boot Windows PE, mount a remote share with the Windows 7 installation files and then run the installer from within Windows PE.
1. In order to create a proper Windows PE boot image, first we need to download The Windows Automated Installation Kit (AIK) Version 3.
2. Then use 7-Zip to extract, or WinCDEmu to mount the ISO and run and install either "wAIKAMD64" or "wAIKX86", depending on your platform.
Creating WinPE boot image
1. Run the "Deployment Tools Command Prompt" as an administrator and enter the following two commands to mount the original boot image:
# copype.cmd x86 c:\winpe_x86
# dism /mount-wim /wimfile:c:\winpe_x86\winpe.wim /index:1 /mountdir:c:\winpe_x86\mount
2. Next, put some files needed during the boot process into place.
# mkdir c:\winpe_x86\winpe\Fonts
# copy c:\winpe_x86\mount\windows\boot\pxe\bootmgr.exe c:\winpe_x86\winpe\
# copy c:\winpe_x86\mount\windows\boot\pxe\pxeboot.n12 c:\winpe_x86\winpe\pxeboot.0
# copy c:\winpe_x86\mount\windows\boot\fonts\wgl4_boot.ttf c:\winpe_x86\winpe\Fonts\
# copy "c:\Program Files\Windows AIK\Tools\PETools\x86\boot\boot.sdi" c:\winpe_x86\winpe
# echo. 2> c:\winpe_x86\winpe\empty
3. You are going to have to add the Windows 7 32-bit driver for your network adapter to the Windows PE image. In this example I've saved my drivers to C:\DRIVERS\PRO1000\Win32\NDIS62 so I type:
# dism /image:c:\winpe_x86\mount /Add-Driver /driver:C:\DRIVERS\PRO1000\Win32\NDIS62\e1c6232.inf
Not sure which driver to install? If you currently have the card up and running in Windows, Device Manager -> Network Adapters -> <Your adapter> -> Driver -> Driver Details might give you a clue.
4. Now let's append the following two commands to "startnet.cmd" (a file that is run automatically during Windows PE's boot process):
# echo net use z: \\\win7-install >> c:\winpe_x86\mount\Windows\System32\startnet.cmd
# echo z:\setup.exe >> c:\winpe_x86\mount\Windows\System32\startnet.cmd
5. Save the changes, unmount the image and put it with the other files.
# dism /unmount-Wim /MountDir:c:\winpe_x86\mount /Commit
# copy c:\winpe_x86\winpe.wim c:\winpe_x86\winpe\winpe.wim
6. Almost there! The next step is to create a Boot Configuration Data (BCD) file for Windows 7. Run the following set of commands to create and configure the file:
# bcdedit -createstore c:\winpe_x86\winpe\BCD
# bcdedit -store c:\winpe_x86\winpe\BCD -create {ramdiskoptions} /d "Ramdisk options"
# bcdedit -store c:\winpe_x86\winpe\BCD -set {ramdiskoptions} ramdisksdidevice Boot
# bcdedit -store c:\winpe_x86\winpe\BCD -set {ramdiskoptions} ramdisksdipath \Boot\boot.sdi
# for /f "Tokens=3" %i in ('bcdedit /store c:\winpe_x86\winpe\BCD /create /d "Windows 7 Install Image" /application osloader') do set GUID=%i
# bcdedit -store c:\winpe_x86\winpe\BCD -set %GUID% systemroot \Windows
# bcdedit -store c:\winpe_x86\winpe\BCD -set %GUID% detecthal Yes
# bcdedit -store c:\winpe_x86\winpe\BCD -set %GUID% winpe Yes
# bcdedit -store c:\winpe_x86\winpe\BCD -set %GUID% osdevice ramdisk=[boot]\Boot\winpe.wim,{ramdiskoptions}
# bcdedit -store c:\winpe_x86\winpe\BCD -set %GUID% device ramdisk=[boot]\Boot\winpe.wim,{ramdiskoptions}
# bcdedit -store c:\winpe_x86\winpe\BCD -create {bootmgr} /d "Windows 7 Boot Manager"
# bcdedit -store c:\winpe_x86\winpe\BCD -set {bootmgr} timeout 30
# bcdedit -store c:\winpe_x86\winpe\BCD -set {bootmgr} displayorder %GUID%
7. All done tinkering in front of a Windows machine. Copy the entire C:\winpe_x86\winpe directory to /srv/tftpd/ on the machine running the TFTP server then read on below.
Samba Configuration
1. The Windows 7 installation media needs to be shared on the network so Windows PE can launch the installer. If you haven't already, install Samba and create a share called "win7-install".
# This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via net view to list what shares are available.
comment = Windows 7 Installation Media
# This parameter specifies a directory to which the user of the service is to be given access.
path = /mnt/iso # change this to the path of your Windows 7 files
# This controls whether this share is seen in the list of available shares in a net view and in the browse list.
browseable = no
# If this parameter is yes, then users of a service may not create or modify files in the service's directory.
read only = yes
# If this parameter is yes for a service, then no password is required to connect to the service.
guest ok = yes
2. Note that we have to reconfigure Samba to share-level security in order for Windows PE to access the installation files without having to use a password. Find the "security" setting and change it to:
security = share
3. Then restart Samba for the changes to take effect.
# sudo /etc/init.d/samba restart
TFTP Configuration
1. Now all there's left is to configure TFTP. The BCD we created earlier will look for files and folders in the wrong places. To remedy this we'll setup file remapping.
First, create /etc/ with the contents of:
re ^bootmgr\.exe winpe/bootmgr.exe
re ^\\boot\.ini winpe/empty
re ^\\hiberfile.sys winpe/empty
r ^\\Boot\\ winpe/
rg \\ /
2. Then configure TFTP to use the map file we just created by editing /etc/default/tftpd-hpa. Change the "TFTP_OPTIONS" setting to:
TFTP_OPTIONS="--secure -l -vvv -m /etc/"
Curious about the remapping? Once a client machine has connected, have a look in /var/log/syslog.
3. The next part should be familiar! Add Windows 7 to the PXE boot menu by editing /srv/tftp/pxelinux.cfg/default.
LABEL Windows
   menu label Windows 7
   kernel winpe/pxeboot.0 keeppxe
4. Last but not least, restart TFTP.
# sudo /etc/init.d/tftpd-hpa restart

Lycka till!

Trädvy Permalänk
Nov 2004

Jag har installerat windows 10 flera gånger via pxe hostat på en debian-dator. Kör på liknande setup som @felplacrd , fungerar fint med uefi. Secureboot kan jag inte svära på fungerar, men kan undersöka saken om du vill? @enix

Skickades från

WS: MSI B350M Mortar | AMD Ryzen 7 1700 | PH-TC14PE | 32GB DDR4 3000MHz | 120GB Intel 530 | 2*500GB HDD | Asus R9 290X DCU2 4GB | 2*LG W2242PE
Router: Gigabyte GA-870-UD3 | AMD Phenom II x6 1055t @ 2600MHz, 1.25V | 12GB DDR3 | 2*250GB HDD @ RAID1 | 2TB HDD
Laptop: Thinkpad X220 4291-QF6