From 2ac88a6c1b7c6e9f9c93fcdcad9fce18b1198709 Mon Sep 17 00:00:00 2001 From: cproudlock Date: Wed, 22 Apr 2026 13:23:09 -0400 Subject: [PATCH] Blancco: back to Ubuntu-kernel switch_root; track grub-blancco.cfg in git Two changes in one: 1. grub-blancco.cfg reverts to booting vmlinuz-ubuntu + kexec-initrd.img (the switch_root path from commit dd2fec5). b7cd097 had switched back to Blancco's native vmlinuz-bde-linux via TFTP for "hardware compat," but that turned out to regress on modern Dell fleet hardware - Blancco's packaged kernel lacks igc (Intel I225/I226 on Latitude 5330/5440, Pro-series, newer OptiPlex). Symptom was successful TFTP fetch of kernel+initrd, then silence at the Blancco UI ("no network card found") because the rootfs HTTP fetch has no NIC to use. The switch_root initramfs built by the Ansible playbook now carries igc, bnxt_en, r8169, atlantic, and other modern NIC modules, so the Ubuntu kernel path reliably finds a working NIC across the whole fleet before HTTP-fetching airootfs.sfs and kexec'ing into Blancco. Native kernel still runs under Blancco's control after kexec - only the *loader* kernel changes. The grubx64.efi binary (embedding this config via grub-mkstandalone) was rebuilt and pushed to /var/www/html/blancco/ on both PXE servers (.1 and .2). Old binary kept as grubx64.efi.bak- on each. 2. .gitignore: negate boot-tools/blancco/grub-blancco.cfg so this one file is version-controlled. boot-tools/ is otherwise local cache artifacts (kernel/initrd/sfs extracted from Blancco ISO, grubx64.efi built output). grub-blancco.cfg is source-of-truth and must not be re-derived; any new PXE server build needs the exact same content or the Blancco boot chain regresses. Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitignore | 50 ++++++++++++++++------------- boot-tools/blancco/grub-blancco.cfg | 31 ++++++++++++++++++ 2 files changed, 59 insertions(+), 22 deletions(-) create mode 100644 boot-tools/blancco/grub-blancco.cfg 
diff --git a/.gitignore b/.gitignore index da9ec4e..3fcdf36 100644 --- a/.gitignore +++ b/.gitignore @@ -22,8 +22,14 @@ WestJeff*/ # Offline packages (built by download-packages.sh) offline-packages/ -# Boot tool binaries (built by prepare-boot-tools.sh) -boot-tools/ +# Boot tool binaries (built by prepare-boot-tools.sh). Everything +# under boot-tools/ is local artifact cache - EXCEPT grub-blancco.cfg, +# which is the source-of-truth config embedded into Blancco's +# grubx64.efi at build time and must be version-controlled. +boot-tools/* +!boot-tools/blancco/ +boot-tools/blancco/* +!boot-tools/blancco/grub-blancco.cfg # WinPE boot files (wimboot, boot.wim, BCD, ipxe.efi, etc.) boot-files/ @@ -54,23 +60,23 @@ secrets.md enrollment/ drivers-staging/ bios-staging/ -.claude/ - -# Secrets and credentials (defensive) -.env -.env.* -!.env.example -!.env.*.example -*.pem -*.key -id_rsa -id_rsa.* -*.ppk -*.p12 -*.pfx -secrets.json -secrets.yaml -secrets.yml -*_secret -*_secrets -credentials.json +.claude/ + +# Secrets and credentials (defensive) +.env +.env.* +!.env.example +!.env.*.example +*.pem +*.key +id_rsa +id_rsa.* +*.ppk +*.p12 +*.pfx +secrets.json +secrets.yaml +secrets.yml +*_secret +*_secrets +credentials.json diff --git a/boot-tools/blancco/grub-blancco.cfg b/boot-tools/blancco/grub-blancco.cfg new file mode 100644 index 0000000..acbf5c8 --- /dev/null +++ b/boot-tools/blancco/grub-blancco.cfg 
@@ -0,0 +1,31 @@
+set default=0
+set timeout=0
+set gfxpayload=text
+
+insmod all_video
+insmod efi_gop
+insmod efinet
+insmod net
+insmod http
+net_bootp efinet0
+net_bootp efinet1
+net_bootp efinet2
+net_bootp efinet3
+
+# Boot Ubuntu kernel + small custom initramfs (kexec-initrd.img).
+# The custom init brings up the NIC (drivers baked in at build time:
+# e1000e, igb, igc, bnxt_en, tg3, bnx2, b44, r8169, atlantic, ...
+# much broader than Blancco's native vmlinuz-bde-linux ships with),
+# HTTP-fetches the Blancco rootfs (airootfs.sfs + native kernel +
+# initramfs) from this PXE server, overlay-mounts the rootfs, then
+# kexecs into Blancco's environment.
+#
+# Previous native-kernel path (linux ...vmlinuz-bde-linux via TFTP)
+# was abandoned because Blancco's kernel ships with a narrow NIC
+# driver set that fails on modern Dell Latitude 5330/5440 and
+# newer 'Pro' series with Intel I225/I226 NICs - "no network card
+# found" at the Blancco UI after TFTP load succeeds.
+menuentry "Blancco Drive Eraser" {
+ linux (http,10.9.100.1)/blancco/vmlinuz-ubuntu ip=dhcp
+ initrd (http,10.9.100.1)/blancco/kexec-initrd.img
+}
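Review bot: The `linux` and `initrd` lines in the menuentry fetch the loader kernel and kexec-initrd.img over plain HTTP with no integrity check, so whatever answers for 10.9.100.1 on the provisioning network decides what code runs on a machine that is about to be wiped. Since grubx64.efi is already built with grub-mkstandalone, consider embedding a public key at build time and adding `set check_signatures=enforce` near the top of the config so GRUB refuses unsigned files. The later airootfs.sfs fetch described in the comment happens inside the initramfs, which is not visible in this hunk, and would need its own check such as a hash pinned in the initramfs. The address is also hard-coded although the commit message says the binary was pushed to two PXE servers; if both are meant to serve the payload, something like `(http,$net_default_server)` would avoid every client depending on one host, provided that variable is populated in this boot path.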