ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

pxe: arch-aware NBP + undionly.kpxe for legacy BIOS clients

Browse Source 
Legacy-BIOS PXE clients booting Blancco reported "NBP is too big to
fit in free base memory". Cause: dnsmasq unconditionally served
ipxe.efi (~675KB EFI binary) which legacy BIOS PXE ROMs cannot
execute and which exceeds their NBP cap.

Fix:
- Add undionly.kpxe (~70KB BIOS-mode iPXE, from boot.ipxe.org).
- dnsmasq: dhcp-match on option:client-arch,0 (BIOS) -> undionly.kpxe;
  default (everything else, including UEFI x86_64 arch 7 and 9) keeps
  getting ipxe.efi. Tag form is reversible: if the match fails to
  evaluate, fallback is the working EFI path, not the new binary.
- Ansible TFTP-copy loop: mirror undionly.kpxe alongside ipxe.efi.
- .gitignore exception: track the open-source kpxe binary so the
  air-gapped USB build stays self-contained.

UEFI clients unchanged. Blancco/Clonezilla/WinPE chain after the
iPXE menu is identical regardless of which iPXE variant delivered it.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-05-12 15:13:44 -04:00
parent 3896667c90
commit adc8d50e66
3 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.gitignore vendored
View File

@@ -30,6 +30,10 @@ boot-tools/
# WinPE boot files (wimboot, boot.wim, BCD, ipxe.efi, etc.) # WinPE boot files (wimboot, boot.wim, BCD, ipxe.efi, etc.)
boot-files/ boot-files/
# Exception: track undionly.kpxe (open-source iPXE BIOS-mode NBP for
# legacy PXE clients, ~70KB, from boot.ipxe.org). Makes air-gapped USB
# build self-contained without a separate fetch step.
!boot-files/undionly.kpxe
# Python wheels for offline install (built by download-packages.sh) # Python wheels for offline install (built by download-packages.sh)
pip-wheels/ pip-wheels/
@@ -77,6 +81,6 @@ secrets.yml
*_secret *_secret
*_secrets *_secrets
credentials.json credentials.json
# Pre-staged binary (142 MB) - track via LFS or stage on PXE server, not in regular git # Pre-staged binary (142 MB) - track via LFS or stage on PXE server, not in regular git
playbook/shopfloor-setup/Shopfloor/PrinterInstallerMap.exe playbook/shopfloor-setup/Shopfloor/PrinterInstallerMap.exe

BIN
boot-files/undionly.kpxe Normal file
View File

Binary file not shown.

11
playbook/pxe_server_setup.yml
View File

@@ -163,7 +163,15 @@
# dhcp-option=6,8.8.8.8 # dhcp-option=6,8.8.8.8
enable-tftp enable-tftp
tftp-root={{ tftp_dir }} tftp-root={{ tftp_dir }}
dhcp-boot=ipxe.efi # Arch-aware NBP: legacy BIOS PXE ROMs (client-arch=0) cannot run
# the EFI iPXE binary and report "NBP is too big to fit in free
# base memory" because ipxe.efi (~675KB) exceeds the BIOS PXE
# NBP cap. Serve undionly.kpxe (~70KB, BIOS-mode iPXE) to them
# instead. Everything else (UEFI x86_64 = arch 7 or 9, plus any
# future arches) keeps getting ipxe.efi - default-safe.
dhcp-match=set:bios,option:client-arch,0
dhcp-boot=tag:bios,undionly.kpxe
dhcp-boot=tag:!bios,ipxe.efi
log-dhcp log-dhcp
# Per-lease state cleanup: flush conntrack + port-445 sockets for # Per-lease state cleanup: flush conntrack + port-445 sockets for
# the client IP on add/del. Prevents "System error 53" when a PXE # the client IP on add/del. Prevents "System error 53" when a PXE
@@ -727,6 +735,7 @@
mode: '0755' mode: '0755'
loop: loop:
- ipxe.efi - ipxe.efi
- undionly.kpxe
ignore_errors: yes ignore_errors: yes
- name: "Copy boot tool files from USB (Clonezilla, Blancco, Memtest)" - name: "Copy boot tool files from USB (Clonezilla, Blancco, Memtest)"