From 66472ab0fc6394715b2ca7a66ffc0b168479eef8 Mon Sep 17 00:00:00 2001 From: Souvik Sarkar Date: Tue, 31 Mar 2026 12:15:16 +0530 Subject: [PATCH 1/4] DOCTEAM-2151 core.efi embedded prefix limitation and guidance for multi-environment subdirectory PXE setups --- articles/sles-pxe-server-setup.asm.xml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/articles/sles-pxe-server-setup.asm.xml b/articles/sles-pxe-server-setup.asm.xml index ea180981a..0bd73773a 100644 --- a/articles/sles-pxe-server-setup.asm.xml +++ b/articles/sles-pxe-server-setup.asm.xml @@ -45,10 +45,17 @@ Setting Up a PXE Boot Server + 2026-03-30 + + + Added a note on core.efi embedded prefix limitation and guidance for multi-environment subdirectory PXE setups. + + + 2026-03-18 - Added note clarifying that TFTP is mandatory for ppc64le architectures + Added note clarifying that TFTP is mandatory for &ppc64le; architectures From 0880084346ea9fdb1dad7826d8329e85c3579f1a Mon Sep 17 00:00:00 2001 From: Souvik Sarkar Date: Tue, 31 Mar 2026 12:21:08 +0530 Subject: [PATCH 2/4] minor change in rev history --- articles/sles-pxe-server-setup.asm.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/sles-pxe-server-setup.asm.xml b/articles/sles-pxe-server-setup.asm.xml index 0bd73773a..799053ece 100644 --- a/articles/sles-pxe-server-setup.asm.xml +++ b/articles/sles-pxe-server-setup.asm.xml @@ -48,7 +48,7 @@ 2026-03-30 - Added a note on core.efi embedded prefix limitation and guidance for multi-environment subdirectory PXE setups. + Added a note on core.efi prefix limitation and guidance for multi-environment subdirectory PXE setups. From a57bb43856309bb4873d2af68aa1501eb1939772 Mon Sep 17 00:00:00 2001 From: Souvik Sarkar Date: Fri, 17 Apr 2026 16:21:39 +0530 Subject: [PATCH 3/4] Added a note on core.efi prefix limitation and guidance for multi-environment subdirectory PXE setups. --- tasks/sles-pxe-server-configure-grub2.xml | 68 ++++++++++++++++++- ...r-netboot-directories-uefi-secure-boot.xml | 18 ++++- 2 files changed, 82 insertions(+), 4 deletions(-) diff --git a/tasks/sles-pxe-server-configure-grub2.xml b/tasks/sles-pxe-server-configure-grub2.xml index f7596b4c3..b39129e85 100644 --- a/tasks/sles-pxe-server-configure-grub2.xml +++ b/tasks/sles-pxe-server-configure-grub2.xml @@ -79,8 +79,8 @@
Creating the &grub; configuration - The &grub; configuration file handles three main tasks: detecting the client's architecture, - managing network interfaces and loading other configuration files. This modular + The &grub; configuration file handles three main tasks: detecting the client's architecture, + managing network interfaces and loading other configuration files. This modular approach provides flexibility for different deployment scenarios. @@ -663,6 +663,70 @@ EOF
+
+ Multi-environment subdirectory setups + + If you want to serve multiple independent PXE environments from subdirectories under one TFTP root (for example, + /srv/tftpboot/ENV1/boot/... and + /srv/tftpboot/ENV2/boot/...), the standard + /boot prefix used throughout this guide must be replaced with your custom + prefix consistently in all of the following places. Missing even one will cause boot failures. + + + + + DHCP boot filename—the boot filename delivered to the + client must include the custom prefix. For example, + /ENV1/boot/grub2/x86_64-efi/bootx64.efi. + + + + + nginx location alias—the location /boot + block in /etc/nginx/nginx.conf must be updated to expose the custom + prefix path. + + + + + grub.cfg source paths—the hardcoded + absolute paths inside /srv/tftpboot/boot/grub2/grub.cfg: + +source "${config}/${net_default_mac}/grub.cfg" +source "${prefix}/menu.cfg" + + Both must be updated to use the custom prefix. + + + + + menu.cfg paths—all + /boot/images/... paths inside menu.cfg must be + updated to use the custom prefix. + + + + + Per-MAC host configurations—if you use machine-specific configurations, the + source "/boot/grub2/menu.cfg" line inside each per-MAC grub.cfg must also be updated to use the custom prefix. + + + + + &selnx; file context—run restorecon on your custom path: + +&prompt.sudo;restorecon -Rv /srv/tftpboot/ENV1 + + + + &selnx; policy— running setsebool -P + httpd_serve_cobbler_files=1 only covers the standard /boot + path. A custom &selnx; policy is required for a non-standard prefix. Use ausearch -m avc -ts recent + to identify denials and create the appropriate policy module. + + + +
Next steps diff --git a/tasks/sles-pxe-server-netboot-directories-uefi-secure-boot.xml b/tasks/sles-pxe-server-netboot-directories-uefi-secure-boot.xml index d64b2203b..f1fa8f844 100644 --- a/tasks/sles-pxe-server-netboot-directories-uefi-secure-boot.xml +++ b/tasks/sles-pxe-server-netboot-directories-uefi-secure-boot.xml @@ -127,8 +127,22 @@ /srv/tftpboot/boot/grub2/ARCH-efi/core.efi file installed by the grub2-mknetdir command for &x86-64; or &aarch64; architectures for UEFI PXE as well. However, they are not signed and - do not support &uefisecboot;. To optionally enable &uefisecboot; for the supported - &x86-64; and &aarch64; architectures, perform any of the following steps: + do not support &uefisecboot;. + + + <filename>core.efi</filename> and subdirectory setups + + The core.efi file generated by grub2-mknetdir + has /boot/grub2 hardcoded as an embedded prefix. &grub; always + fetches modules and configuration from this prefix relative to the TFTP root, + regardless of where core.efi itself was loaded from. If you need + to serve multiple environments from subdirectories under one TFTP root, use + shim and grub.efi from the installation + media ISO or the shim package instead, as described below. + + + + To optionally enable &uefisecboot; for the supported &x86-64; and &aarch64; architectures, perform any of the following steps: From b8bb73ac379a483ae0861a39af4bf42ee2b8832d Mon Sep 17 00:00:00 2001 From: Souvik Sarkar Date: Tue, 2 Jun 2026 10:44:01 +0530 Subject: [PATCH 4/4] Addressed editorial comments --- articles/sles-pxe-server-setup.asm.xml | 4 ++-- tasks/sles-pxe-server-configure-grub2.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/articles/sles-pxe-server-setup.asm.xml b/articles/sles-pxe-server-setup.asm.xml index 799053ece..c2c1116ad 100644 --- a/articles/sles-pxe-server-setup.asm.xml +++ b/articles/sles-pxe-server-setup.asm.xml @@ -48,14 +48,14 @@ 2026-03-30 - Added a note on core.efi prefix limitation and guidance for multi-environment subdirectory PXE setups. + Added a note on core.efi prefix limitation and guidance for multi-environment subdirectory PXE setups 2026-03-18 - Added note clarifying that TFTP is mandatory for &ppc64le; architectures + Added a note clarifying that TFTP is mandatory for &ppc64le; architectures diff --git a/tasks/sles-pxe-server-configure-grub2.xml b/tasks/sles-pxe-server-configure-grub2.xml index b39129e85..1bf15933a 100644 --- a/tasks/sles-pxe-server-configure-grub2.xml +++ b/tasks/sles-pxe-server-configure-grub2.xml @@ -675,7 +675,7 @@ EOF - DHCP boot filename—the boot filename delivered to the + DHCP boot file name—the boot filename delivered to the client must include the custom prefix. For example, /ENV1/boot/grub2/x86_64-efi/bootx64.efi.