pxe-server/playbook/blancco-preferences.xml
cproudlock dd2fec5a41 Blancco PXE boot via Ubuntu kernel switch_root
Blancco's own kernel freezes on Dell Precision towers during PXE boot.
Workaround: boot Ubuntu kernel via GRUB chainload, download Blancco's
666MB squashfs rootfs + 132MB kernel modules over HTTP, mount overlay
filesystem, and switch_root into Blancco's userspace.

- Add blancco-init.sh: custom initramfs init script for switch_root approach
- Add blancco-preferences.xml: pre-configured with network share for reports
- Update playbook: build initramfs, deploy Ubuntu kernel/modules, config
- Update prepare-boot-tools.sh: add HTTP modules to GRUB EFI build
- Add UEFI HTTP Boot support to dnsmasq config
- iPXE menu chains to grubx64.efi (replaces sanboot of ISO)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 11:20:00 -05:00


<?xml version="1.0" encoding="UTF-8"?>
<!-- FASDHFOSGHSVASLGHASDLASDFUILEFHLKJDKLFJGKLXCJGHFKLJDGHKLFJ -->
<root>
<!-- Document header: marks this file as Blancco preferences
     (type albus-preferences, format version 4.14). -->
<blancco type="albus-preferences" version="4.14"/>
<version>
<generation>7</generation>
<major>14</major>
<minor>0</minor>
</version>
<!-- 44-character base64 value (32 bytes once decoded).
     NOTE(review): presumably a digest or MAC over this file that the consuming
     tool checks. Confirm (a) whether hand edits, such as the network_share
     values, require regenerating it with the vendor's configuration tool, and
     (b) whether a mismatch is rejected or silently ignored. If it is an unkeyed
     digest it detects corruption only, not deliberate tampering. -->
<integrity>WrE8qdGzoKMVy403SVha6O6JOdYlerKbbjyLSWo20NI=</integrity>
<configuration dect="3.14.0" imported="false">
<!-- Process modes offered; "manual" is the one marked selected.
     NOTE(review): presumably manual means the operator chooses drives and
     options at the console. Confirm this is the intended mode for PXE-booted
     machines. -->
<processes type="array" key="process">
<process>workflow</process>
<process>auto</process>
<process>semi</process>
<process selected="true">manual</process>
</processes>
<!-- Hardware test catalogue. The container carries enabled="false" while most
     entries carry enabled="true".
     NOTE(review): presumably the container flag switches the whole feature off
     and the per-test flags only apply once it is turned on; confirm. -->
<hardware_tests type="array" key="test" enabled="false">
<test enabled="true" mandatory="false" auto="true" threshold="60">battery</test>
<test enabled="true" mandatory="false" auto="true">cpu</test>
<test enabled="false" mandatory="false" auto="true" passes="0">memory</test>
<test enabled="true" mandatory="false" auto="true">motherboard</test>
<test enabled="true" mandatory="false" auto="false" threshold="50" duration="600">battery_discharge</test>
<test enabled="true" mandatory="false" auto="false">bios_logo</test>
<test enabled="true" mandatory="false" auto="false" threshold="80" duration="180">cpu_stress</test>
<test enabled="true" mandatory="false" auto="false">display</test>
<test enabled="true" mandatory="false" auto="false" formfactor="compact" language="us">keyboard</test>
<test enabled="true" mandatory="false" auto="false">microphone</test>
<!-- targets is empty here: no network test targets are configured. -->
<test enabled="true" mandatory="false" auto="false" targets="">network</test>
<test enabled="true" mandatory="false" auto="false" tests="R">optical_devices</test>
<test enabled="true" mandatory="false" auto="false">sound</test>
<test enabled="true" mandatory="false" auto="false">pointing_devices</test>
<test enabled="true" mandatory="false" auto="false">sim_presence</test>
<test enabled="true" mandatory="false" auto="false">speaker</test>
<test enabled="true" mandatory="false" auto="false">touchscreen</test>
<test enabled="true" mandatory="false" auto="false" tests="R">usb_ports</test>
<test enabled="true" mandatory="false" auto="false">webcam</test>
<test enabled="true" mandatory="false" auto="false">wifi</test>
</hardware_tests>
<!-- Keyboard layouts offered; "us" is marked selected. -->
<layouts type="array" key="layout">
<layout selected="true">us</layout>
<layout>be</layout>
<layout>br</layout>
<layout>ca</layout>
<layout>ch</layout>
<layout>ch_fr</layout>
<layout>cn</layout>
<layout>de</layout>
<layout>dk</layout>
<layout>es</layout>
<layout>fi</layout>
<layout>fr</layout>
<layout>gb</layout>
<layout>hu</layout>
<layout>it</layout>
<layout>jp</layout>
<layout>kr</layout>
<layout>latam</layout>
<layout>nl</layout>
<layout>no</layout>
<layout>pl</layout>
<layout>pt</layout>
<layout>ru</layout>
<layout>se</layout>
<layout>sk</layout>
</layouts>
<!-- Interface locales offered; "en_US" is marked selected. -->
<locales type="array" key="locale">
<locale selected="true">en_US</locale>
<locale>de_DE</locale>
<locale>es_ES</locale>
<locale>fr_FR</locale>
<locale>hu_HU</locale>
<locale>it_IT</locale>
<locale>ja_JP</locale>
<locale>ko_KR</locale>
<locale>pl_PL</locale>
<locale>pt_BR</locale>
<locale>ru_RU</locale>
<locale>sk_SK</locale>
<locale>zh_CN</locale>
<locale>zh_TW</locale>
</locales>
<!-- Erasure standards. Every entry is enabled except nist_pc; nist_purge is the
     one marked selected.
     NOTE(review): this file also sets process "manual" and
     <erasure_settings locked="false"/>, so presumably an operator can pick any
     enabled standard at the console, including ones weaker than the default.
     If policy requires NIST 800-88 Purge, consider disabling the standards that
     do not meet it, or locking the setting. Confirm against vendor docs. -->
<erasure_standards type="array" key="standard">
<standard enabled="true" id="afssi_5020" name="Air Force System Security Instruction 5020"/>
<standard enabled="true" id="aperiodic_random" name="Aperiodic random overwrite"/>
<standard enabled="true" id="bsi_vs" name="BSI-2011-VS"/>
<standard enabled="true" id="bsi_gs" name="BSI-GS"/>
<standard enabled="true" id="bsi_gse" name="BSI-GSE"/>
<standard enabled="true" id="bsi_gsk" name="BSI-GSK"/>
<standard enabled="true" id="bl_ssd" name="Blancco SSD Erasure"/>
<standard enabled="true" id="bruce_schneier" name="Bruce Schneier's Algorithm"/>
<standard enabled="true" id="cesg_higher" name="CESG CPA - Higher Level"/>
<standard enabled="true" id="dod" name="DoD 5220.22-M"/>
<standard enabled="true" id="dod_ece" name="DoD 5220.22-M ECE"/>
<standard enabled="true" id="extended_firmware" name="Extended Firmware Based Erasure"/>
<standard enabled="true" id="firmware" name="Firmware Based Erasure"/>
<standard enabled="true" id="hmg_higher" name="HMG Infosec Standard 5, Higher Standard"/>
<standard enabled="true" id="hmg_lower" name="HMG Infosec Standard 5, Lower Standard"/>
<standard enabled="true" id="ieee_clear" name="IEEE 2883-2022 Clear"/>
<standard enabled="true" id="ieee_purge" name="IEEE 2883-2022 Purge"/>
<standard enabled="false" id="nist_pc" name="NIST 800-88" pattern="0x00" pattern_type="static"/>
<standard enabled="true" id="nist_clear" name="NIST 800-88 Clear" pattern="0x00" pattern_type="static"/>
<!-- Default standard for this image. -->
<standard selected="true" enabled="true" id="nist_purge" name="NIST 800-88 Purge"/>
<standard enabled="true" id="nsa" name="NSA 130-1"/>
<standard enabled="true" id="ncsc" name="National Computer Security Center (NCSC-TG-025)"/>
<standard enabled="true" id="navso" name="Navy Staff Office Publication (NAVSO P-5239-26)"/>
<standard enabled="true" id="opnavinst" name="OPNAVINST 5239.1A"/>
<standard enabled="true" id="peter_gutmann" name="Peter Gutmann's Algorithm"/>
<standard enabled="true" id="rcmp_tssit" name="RCMP TSSIT OPS-II"/>
<standard enabled="true" id="random_byte_3x" name="Random Byte Overwrite (3x)"/>
<standard enabled="true" id="crypto_erase" name="Sanitize Cryptographic Erasure"/>
<standard enabled="true" id="tcg_crypto_erase" name="TCG Cryptographic Erasure"/>
<standard enabled="true" id="us_army" name="U.S. Army AR380-19"/>
</erasure_standards>
<!-- Post-erasure verification patterns; all_sectors_same is marked selected. -->
<verification_standards type="array" key="standard">
<standard enabled="true" id="all_bytes_same" name="All bytes the same" pattern="0x00"/>
<standard enabled="true" id="all_ones" name="All ones"/>
<standard selected="true" enabled="true" id="all_sectors_same" name="All sectors the same"/>
<standard enabled="true" id="all_zeros" name="All zeros"/>
</verification_standards>
<!-- Wired networking: enabled, addressed by DHCP (all static fields are empty). -->
<network>
<enabled>true</enabled>
<dhcp>true</dhcp>
<!-- NOTE(review): presumably controls whether an SSH server runs in the
     erasure environment. It is off here; keep it off unless remote access is
     needed, since the environment has raw access to every attached drive. -->
<sshd>false</sshd>
<looping>false</looping>
<address></address>
<mask></mask>
<gateway></gateway>
<dns1></dns1>
<dns2></dns2>
<vlan></vlan>
</network>
<!-- Disabled. NOTE(review): the peap/tls protocol list suggests this is 802.1X
     port authentication; confirm. identity and password are empty and marked
     encrypted="false", so filling them in as-is would store them in clear text. -->
<network_security>
<enabled>false</enabled>
<certificate>false</certificate>
<protocols type="array" key="protocol">
<protocol selected="true">peap</protocol>
<protocol>tls</protocol>
</protocols>
<identity encrypted="false"></identity>
<password encrypted="false"></password>
</network_security>
<!-- Report destination: SMB share "blancco-reports" on 10.9.100.1 (private
     address), account "blancco".
     SECURITY: username and password are stored in clear text
     (encrypted="false") and the password equals the username. Anyone who can
     read this repository, or fetch this file from the PXE server if it is
     served to clients, learns working credentials for the share that holds
     the erasure reports, which are the audit evidence for sanitization.
     Suggested hardening (verify each against the vendor and server docs):
       * replace the password with a strong, rotated one and inject it at deploy
         time from the playbook's secret store instead of committing it;
       * check whether the tool accepts encrypted="true" values here;
       * restrict the account to this share only, with create/write rights but
         no ability to modify or delete existing reports;
       * require SMB signing and a current SMB dialect on the server. -->
<network_share>
<username encrypted="false">blancco</username>
<password encrypted="false">blancco</password>
<domain></domain>
<hostname>10.9.100.1</hostname>
<path>blancco-reports</path>
<protocols type="array" key="protocol">
<protocol selected="true">smb</protocol>
</protocols>
</network_share>
<!-- No proxy configured: all four fields are empty. They are marked
     encrypted="false", so values added here would be stored in clear text. -->
<proxy>
<proxy_address encrypted="false"></proxy_address>
<proxy_port encrypted="false"></proxy_port>
<proxy_username encrypted="false"></proxy_username>
<proxy_password encrypted="false"></proxy_password>
</proxy>
<!-- NOTE(review): "mc" presumably stands for the vendor's management console;
     confirm. No host or credentials are set. -->
<mc>
<username encrypted="false"></username>
<password encrypted="false"></password>
<hostname></hostname>
<port></port>
<timeout>20</timeout>
<!-- Keep this true if a console host is ever configured, so the client does
     not send credentials or reports to an unauthenticated endpoint. -->
<validate_remote_certificate>true</validate_remote_certificate>
</mc>
<!-- No workflow is defined. -->
<workflow offline="false" default="false"></workflow>
<!-- Erasure behaviour. Semantics below are inferred from element names; check
     each NOTE against the vendor documentation before relying on it. -->
<erasure>
<drive_self_test type="short">false</drive_self_test>
<max_simultaneous_erasures>50</max_simultaneous_erasures>
<!-- NOTE(review): presumably hidden areas (for example HPA/DCO) are left in
     place when this is false. Confirm this matches the sanitization policy,
     since data stored in such areas would not be covered. -->
<remove_hidden_areas>false</remove_hidden_areas>
<preserve_recovery_partition>false</preserve_recovery_partition>
<store_erasure_progress>false</store_erasure_progress>
<remapped mandatory="false" threshold="0">false</remapped>
<action_if_not_possible>interrupt</action_if_not_possible>
<!-- NOTE(review): remapped sectors do not fail the erasure with this value;
     presumably such sectors may hold data that an overwrite cannot reach. -->
<fail_on_remapped_sectors>false</fail_on_remapped_sectors>
<fail_on_erasure_errors threshold="5">true</fail_on_erasure_errors>
<fail_on_read_errors threshold="5">true</fail_on_read_errors>
<!-- NOTE(review): presumably the percentage of the drive read back after
     erasure; confirm the unit and that 10 satisfies the audit requirement. -->
<verification>10</verification>
<enforced_rules type="array" key="rule">
<rule enabled="false" name="enforced_standard" standard_id="bl_ssd" target="ssd"/>
<!-- Enabled: names nist_purge with nist_clear as fallback.
     NOTE(review): presumably a drive that cannot be purged is erased with the
     Clear method instead. Make sure the report states which method was
     actually applied, and that downstream acceptance checks treat a
     Clear result differently from a Purge result. -->
<rule enabled="true" name="fallback_nist_standard" standard_id="nist_purge" fallback_id="nist_clear"/>
</enforced_rules>
<fail_on_failed_self_test>false</fail_on_failed_self_test>
<fail_on_low_erasure_speed threshold="1">false</fail_on_low_erasure_speed>
<fail_on_timeout threshold="1">false</fail_on_timeout>
<use_write_same>true</use_write_same>
<!-- Every allow_* switch below is true, i.e. no firmware-level erase method
     is excluded by this file. -->
<allow_secure_erase_enhanced>true</allow_secure_erase_enhanced>
<allow_secure_erase_normal>true</allow_secure_erase_normal>
<allow_nvme_format_crypto_erase>true</allow_nvme_format_crypto_erase>
<allow_nvme_format_user_data_erase>true</allow_nvme_format_user_data_erase>
<allow_scsi_format_unit>true</allow_scsi_format_unit>
<allow_sanitize_block_erase>true</allow_sanitize_block_erase>
<allow_sanitize_crypto_erase>true</allow_sanitize_crypto_erase>
<allow_sanitize_overwrite>true</allow_sanitize_overwrite>
<allow_tcg_block_erase>true</allow_tcg_block_erase>
<allow_tcg_crypto_erase>true</allow_tcg_crypto_erase>
<allow_tcg_overwrite>true</allow_tcg_overwrite>
<allow_tcg_reset_write_pointers>true</allow_tcg_reset_write_pointers>
<allow_tcg_unmap>true</allow_tcg_unmap>
</erasure>
<!-- Disabled. NOTE(review): presumably writes a marker to the drive at the
     given location after erasure; confirm. -->
<fingerprint>
<enabled>false</enabled>
<location>67000</location>
</fingerprint>
<!-- Enabled. NOTE(review): presumably leaves a report on the erased drive that
     is shown when the machine next boots; confirm. -->
<bootable_report>
<enabled>true</enabled>
</bootable_report>
<!-- Disabled: drives are not reformatted (type would be ntfs). -->
<format_disk>
<enabled>false</enabled>
<type>ntfs</type>
</format_disk>
<spin_down_idle_disk>
<enabled>false</enabled>
</spin_down_idle_disk>
<!-- NOTE(review): with passthrough and kill_logical_disks both true, presumably
     RAID volumes are dismantled so member drives are erased individually.
     Confirm, as this decides whether every physical drive is reached. -->
<raid>
<show_logical_disks>false</show_logical_disks>
<enable_passthrough>true</enable_passthrough>
<kill_logical_disks>true</kill_logical_disks>
</raid>
<hotplug>
<enabled>false</enabled>
<timeout>30</timeout>
</hotplug>
<!-- Disabled. Ports 80 and 443 are configured for it.
     NOTE(review): if this is ever enabled it presumably opens a listener on
     those ports; review exposure on the provisioning network first. -->
<external_device_service>
<enabled>false</enabled>
<port>80</port>
<https_port>443</https_port>
<hardware_tests type="array" key="test" enabled="false">
<test enabled="true" passes="1">memory</test>
<test enabled="true">cpu</test>
<test enabled="true" threshold="60">battery</test>
<test enabled="true" threshold="50" duration="600">battery_discharge</test>
<test enabled="true">display</test>
<test enabled="true">keyboard</test>
<test enabled="true">pointing_devices</test>
<test enabled="true">webcam</test>
</hardware_tests>
</external_device_service>
<!-- Licensing: provider and provider_report are both "bios"; edition and mode
     are given as display strings. -->
<license>
<provider>bios</provider>
<provider_report>bios</provider_report>
<edition>Enterprise Volume Edition</edition>
<offline></offline>
<mode>Drive Eraser</mode>
</license>
<image>
<description></description>
<creation_date>2025-03-10</creation_date>
</image>
<!-- customer_license names the licensed organisation; the other fields are
     empty. NOTE(review): this value identifies the licensee to anyone who can
     read the repository; confirm that is acceptable for where it is hosted. -->
<customer_data>
<business_location></business_location>
<customer_license>General Electric Company</customer_license>
<erasure_person></erasure_person>
<erasure_provider></erasure_provider>
<business_name></business_name>
</customer_data>
<!-- Console (GUI) behaviour. Element meanings are inferred from their names;
     confirm each NOTE against the vendor documentation. -->
<settings>
<gui>
<erasure_console>local</erasure_console>
<erasure_view>list</erasure_view>
<show_removable_devices>false</show_removable_devices>
<show_san_devices>true</show_san_devices>
<ssd_erasure_exception>true</ssd_erasure_exception>
<report_view locked="true">standard</report_view>
<!-- Not locked. NOTE(review): presumably lets the operator change erasure
     options at the console; lock it if the default standard must not be
     altered per machine. -->
<erasure_settings locked="false"/>
<show_customer>false</show_customer>
<show_operator>false</show_operator>
<show_partitions>false</show_partitions>
<screensaver locked="false">
<timeout>30</timeout>
<show_exceptions>false</show_exceptions>
</screensaver>
<hexviewer>
<autostart>false</autostart>
</hexviewer>
<mc_monitor>false</mc_monitor>
<drive_selection_percentage>5</drive_selection_percentage>
<reconfigure_controller_mode>
<timeout enabled="false">30</timeout>
<default_focus_on_proceed>true</default_focus_on_proceed>
</reconfigure_controller_mode>
<!-- NOTE(review): the next block and clear_tpm both use an enabled timeout of
     0 with focus not on "proceed". Presumably these are confirmation prompts
     for security-relevant firmware actions; confirm what a 0 timeout does
     (immediate default action versus no automatic action). -->
<disable_sid_block_authentication>
<timeout enabled="true">0</timeout>
<default_focus_on_proceed>false</default_focus_on_proceed>
</disable_sid_block_authentication>
<scale_factor>100</scale_factor>
<clear_tpm>
<timeout enabled="true">0</timeout>
<default_focus_on_proceed>false</default_focus_on_proceed>
</clear_tpm>
<accessibility>
<available>false</available>
<enabled>true</enabled>
<key_echo>true</key_echo>
<speaking_rate>80</speaking_rate>
</accessibility>
<sound_level>70</sound_level>
<input_method>
<enabled>false</enabled>
<jp>false</jp>
<kr>false</kr>
</input_method>
</gui>
</settings>
<!-- Report fields the operator fills in. Fields 1 to 3 are mandatory free-text
     inputs with an empty pattern attribute; field 4 is locked and pre-filled.
     NOTE(review): an empty pattern presumably means no input validation, so
     anything that parses the reports should treat these values as untrusted
     text. Consider a pattern for the serial and ticket numbers. -->
<custom_fields type="array" key="custom_field">
<custom_field type="input" mandatory="true" locked="false" per_drive="false" show_in_editor="false" pattern="" hint="">
<name>custom_field_1</name>
<title>GERITM Number</title>
<value></value>
</custom_field>
<custom_field type="input" mandatory="true" locked="false" per_drive="false" show_in_editor="false" pattern="" hint="">
<name>custom_field_2</name>
<title>Device Name</title>
<value></value>
</custom_field>
<custom_field type="input" mandatory="true" locked="false" per_drive="false" show_in_editor="false" pattern="" hint="">
<name>custom_field_3</name>
<title>Device Serial Number</title>
<value></value>
</custom_field>
<!-- Locked, optional field carrying the image version tag. -->
<custom_field type="input" mandatory="false" locked="true" per_drive="false" show_in_editor="false" pattern="" hint="">
<name>custom_field_4</name>
<title>Version</title>
<value>EVE_20250310</value>
</custom_field>
</custom_fields>
<!-- Empty: no ranges are excluded from verification. -->
<exclude_verification_ranges type="array" key="exclude_verification_range"/>
<!-- Report output: one report per run (per_drive false), xml format,
     auto_backup on. -->
<report>
<per_drive>false</per_drive>
<auto_backup>true</auto_backup>
<extensions type="array" key="extension">
<extension selected="true">xml</extension>
</extensions>
<utc_offset>0</utc_offset>
<!-- NOTE(review): presumably adds the machine's network details to each
     report; treat the report share as holding internal addressing data. -->
<network_info>true</network_info>
<!-- Disabled. NOTE(review): presumably an operator-supplied signature label,
     not a cryptographic signature; confirm what protects report integrity. -->
<custom_signature>
<enabled>false</enabled>
<label></label>
</custom_signature>
<drive_life_estimation>false</drive_life_estimation>
</report>
<!-- Wi-Fi is disabled; ssid and password are empty and marked
     encrypted="false", so values added as-is would be stored in clear text. -->
<wireless>
<enabled>false</enabled>
<ssid encrypted="false"></ssid>
<password encrypted="false"></password>
<key_mgmt>WPA-PSK</key_mgmt>
<scan_ssid>0</scan_ssid>
</wireless>
<cd_eject>
<after_boot>true</after_boot>
<after_erasure>false</after_erasure>
<after_report>false</after_report>
<at_shutdown>false</at_shutdown>
</cd_eject>
<!-- Neither shutdown nor restart is triggered automatically after erasure. -->
<system_shutdown>
<after_erasure>false</after_erasure>
<after_successful_erasure>false</after_successful_erasure>
</system_shutdown>
<system_restart>
<after_erasure>false</after_erasure>
<after_successful_erasure>false</after_successful_erasure>
</system_restart>
<device_enrollment_detection>
<persistent_software>false</persistent_software>
</device_enrollment_detection>
<!-- Remote VNC is disabled. The password is empty and marked
     encrypted="false". NOTE(review): if this is ever enabled, set a password
     and limit who can reach port 5900, because the console controls drive
     erasure. -->
<vnc_remote>
<enabled>false</enabled>
<mode>viewer</mode>
<repeater_hostname></repeater_hostname>
<port>5900</port>
<password encrypted="false"></password>
</vnc_remote>
<!-- Disabled, with no connections listed. -->
<nvme_over_fabrics enabled="false" type="array" key="connection"/>
<adapters type="array" key="adapter"/>
</configuration>
</root>
<!-- JFLKHGDJLKFHGJCXLKGJFLKDJKLHFELIUFDSALDSAHGLSAVSHGSOFHDSAF -->