Run FOG on Secure Boot enabled computers
The goal of FOGUefi is to be able to use the FOG server on computers with Secure Boot enabled (using GRUB), while retaining the original operating principle of FOG.
FOGUefi is a fork of FOS, modified to run on Alpine Linux, shipped with the Ubuntu Noble kernel, shim and signed Grub2.
- GRUB boot menu driven by FOG Server. (separated from iPXE)
- Remote control (using a web browser)
- Ability to automate image deployment/capture (touchless)
- Configurable through the installation of third-party APK packages
- Grace period before a task is executed (default 10 seconds)
- Highly customizable configuration (by scripts).
- Standard installation (recommended) :
sudo -i
cd /opt
git clone https://github.com/abotzung/foguefi
cd foguefi
./install.sh
- Installing FOGUefi from latest sources ("edge") :
sudo -i
cd /opt
git clone https://github.com/abotzung/foguefi
cd foguefi
./install.sh -b
Usage :
./install.sh
Options :
-a Skip Apache2 configuration
-b Build files from the latest sources, rather than downloading it from Github
-f Force (re)installation of FOGUefi
-h Show this help
-u Unattended installation.
-n No internet flag ; This forces the installer to NOT use internet. (useful for air-gapped networks)
NOTE : You need to download theses files into the root directory of this script :
https://github.com/abotzung/FOGUefi/releases/latest/download/fog_uefi.cpio.xz
https://github.com/abotzung/FOGUefi/releases/latest/download/fog_uefi.cpio.xz.sha256
https://github.com/abotzung/FOGUefi/releases/latest/download/grubx64.efi
https://github.com/abotzung/FOGUefi/releases/latest/download/grubx64.efi.sha256
https://github.com/abotzung/FOGUefi/releases/latest/download/linux_kernel
https://github.com/abotzung/FOGUefi/releases/latest/download/linux_kernel.sha256
https://github.com/abotzung/FOGUefi/releases/latest/download/release
https://github.com/abotzung/FOGUefi/releases/latest/download/shimx64.efi
https://github.com/abotzung/FOGUefi/releases/latest/download/shimx64.efi.sha256
- [[#Why use Linux kernel, GRUB and SHIM from Ubuntu Noble repositories?]]
- [[#Why FOGUefi ?]]
- [[#What are the features of FOGUefi?]]
- [[#I want to modify the GRUB boot menu; what should I modify?]]
Using the Ubuntu kernel, grub-signed and shim-signed are required because these are signed by Microsoft(C), and can allow booting without having to use mokutil on every computer running FOG.
This is the fastest and easiest solution to be able to use FOG.
Note: A Shim is currently being signed to be able to use iPXE, with Secure Boot: rhboot/shim-review#319
FOGUefi was born in december 2019, because I couldn't quickly and easily use FOG with computers that had Secure Boot. I also added various features that I think are relevant for "everyday" use.
The /tftpboot/grub/grub.cfg
file can be edited to configure the GRUB boot menu. More information can be found in the documentation.
FOGUefi is build with the help of :
-
Baobabrom : For your countless hours of debugging.
-
The FOG Project : For this superb tool (Parts used in FOS, scripts and logos)
-
Clonezilla©/Steven Shiau (C) 2003-2024, NCHC, Taiwan (The boot-local-efi.cfg file)
-
Ubuntu© (C) 2024 Canonical Ltd. (GNU/Linux signed kernel, shim-signed, grub-efi-arm64-signed)
-
The Alpine Linux Development team (for Alpine Linux)
-
Redo Rescue© (C) 2010.2020 Zebradots Software (GRUB Theme, heavily modified)
-
Mcder3 (Icons)
-
Font Awesome (Licence : SIL OFL 1.1) : Icons