Below is a **UEFI-only** recipe that has worked for me every time. It uses the **official Arch netboot images** (which already contain UEFI-signed iPXE binaries) and the smallest possible amount of tooling on the PXE server. ──────────────────── 1. What the client will download (in this order) 1. DHCP → gives IP + TFTP server + filename **ipxe.efi** 2. TFTP → **ipxe.efi** is executed 3. HTTP → iPXE downloads kernel + initrd + squashfs from the mirror you choose Nothing is extracted from the ISO, so you don’t need the ISO at all. ──────────────────── 2. Prepare the PXE server (any Linux box) Install packages ``` sudo pacman -S dnsmasq nginx sudo systemctl enable --now dnsmasq nginx ``` Create a directory that will be served over HTTP ``` sudo mkdir -p /srv/archlive cd /srv/archlive ``` ──────────────────── 3. Download the **netboot** files (kernel + initrd + squashfs) Pick the mirror closest to you, then: ``` sudo wget -r -np -nH --cut-dirs=3 \ https://mirror.pkgbuild.com/iso/latest/arch/boot/x86_64/vmlinuz-linux sudo wget -r -np -nH --cut-dirs=3 \ https://mirror.pkgbuild.com/iso/latest/arch/boot/x86_64/initramfs-linux.img sudo wget -r -np -nH --cut-dirs=3 \ https://mirror.pkgbuild.com/iso/latest/arch/x86_64/airootfs.sfs ``` Adjust the URLs if you prefer another mirror. Make them reachable: ``` sudo ln -s /srv/archlive /srv/http/archlive ``` ──────────────────── 4. Add the UEFI-signed iPXE binary to TFTP ``` sudo mkdir -p /srv/tftp cd /srv/tftp sudo wget https://archlinux.org/releng/netboot/ipxe.efi ``` ──────────────────── 5. Configure dnsmasq for **UEFI PXE only** /etc/dnsmasq.d/arch-uefi.conf ``` interface=eno1 # NIC facing the clients port=0 # disable DNS enable-tftp tftp-root=/srv/tftp dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h dhcp-match=set:efi-x86_64,option:client-arch,7 dhcp-boot=tag:efi-x86_64,ipxe.efi ``` Reload: ``` sudo systemctl restart dnsmasq ``` ──────────────────── 6. Create the iPXE script (menu) /srv/http/archlive/boot.ipxe ``` #!ipxe set base-url http://YOUR_PXE_SERVER/archlive kernel ${base-url}/vmlinuz-linux archisobasedir=arch archiso_http_srv=${base-url}/ ip=:::::eth0:dhcp initrd ${base-url}/initramfs-linux.img boot ``` Make it world-readable: ``` sudo chmod 644 /srv/http/archlive/boot.ipxe ``` ──────────────────── 7. Point iPXE to that script automatically Option A – embed the script inside iPXE **(recommended)** ``` # On any Linux box git clone https://github.com/ipxe/ipxe.git cd ipxe/src cat <<'EOF' > arch.ipxe #!ipxe chain http://YOUR_PXE_SERVER/archlive/boot.ipxe EOF make bin-x86_64-efi/ipxe.efi EMBED=arch.ipxe sudo cp bin-x86_64-efi/ipxe.efi /srv/tftp/ipxe.efi ``` Option B – let iPXE fall back to DHCP option 175 (more complex). ──────────────────── 8. Boot the target machine 1. Enter firmware → disable **Secure Boot** (Arch media is unsigned). 2. Enable **Network Stack / PXE boot** on the NIC. 3. Reboot → press F12 (or whatever key) → choose **UEFI: IPv4** or **PXE**. 4. You should see iPXE banner, then the Arch prompt. Login as **root**. ──────────────────── 9. Install Arch as usual ``` # verify network ping archlinux.org # quick interactive installer archinstall # or manual pacstrap /mnt base linux ... ``` ──────────────────── 10. Common UEFI-specific pitfalls • **Secure Boot must be off** until you sign your own kernels. • The NIC must appear in the **UEFI boot menu**; if it doesn’t, update firmware or enable CSM → then disable CSM again once the installer boots. • If you only have Wi-Fi, plug in a USB-to-Ethernet dongle for the PXE phase—Wi-Fi PXE is still rare. That’s it: a single TFTP file (`ipxe.efi`) and an HTTP folder with three files (`vmlinuz`, `initramfs`, `airootfs.sfs`) are all you need to UEFI-PXE install Arch on any modern machine.