
Below is a UEFI-only recipe that has worked for me every time.
It uses the official Arch netboot images (which already contain UEFI-signed iPXE binaries) and the smallest possible amount of tooling on the PXE server.

──────────────────── 1. What the client will download (in this order)

  1. DHCP → gives IP + TFTP server + filename ipxe.efi
  2. TFTP → ipxe.efi is executed
  3. HTTP → iPXE downloads kernel + initrd + squashfs from the mirror you choose

Nothing is extracted from the ISO, so you don't need the ISO at all.

──────────────────── 2. Prepare the PXE server (any Linux box)

Install packages

sudo pacman -S dnsmasq nginx
sudo systemctl enable --now dnsmasq nginx

Create a directory that will be served over HTTP

sudo mkdir -p /srv/archlive
cd /srv/archlive

──────────────────── 3. Download the netboot files (kernel + initrd + squashfs)

Pick the mirror closest to you, then:

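# Kernel and initramfs go flat into /srv/archlive, where boot.ipxe (step 6) looks for them
sudo wget https://mirror.pkgbuild.com/iso/latest/arch/boot/x86_64/vmlinuz-linux
sudo wget https://mirror.pkgbuild.com/iso/latest/arch/boot/x86_64/initramfs-linux.img
# The initramfs fetches ${archiso_http_srv}${archisobasedir}/x86_64/airootfs.sfs,
# so the squashfs has to sit under arch/x86_64/
sudo wget -P arch/x86_64 \
  https://mirror.pkgbuild.com/iso/latest/arch/x86_64/airootfs.sfs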

Adjust the URLs if you prefer another mirror.

Make them reachable:

sudo ln -s /srv/archlive /srv/http/archlive

──────────────────── 4. Add the UEFI-signed iPXE binary to TFTP

sudo mkdir -p /srv/tftp
cd /srv/tftp
sudo wget https://archlinux.org/releng/netboot/ipxe.efi

──────────────────── 5. Configure dnsmasq for UEFI PXE only

/etc/dnsmasq.d/arch-uefi.conf

interface=eno1            # NIC facing the clients
port=0                    # disable DNS
enable-tftp
tftp-root=/srv/tftp
dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-boot=tag:efi-x86_64,ipxe.efi

Reload:

sudo systemctl restart dnsmasq

──────────────────── 6. Create the iPXE script (menu)

/srv/http/archlive/boot.ipxe

#!ipxe
set base-url http://YOUR_PXE_SERVER/archlive
kernel ${base-url}/vmlinuz-linux archisobasedir=arch archiso_http_srv=${base-url}/ ip=:::::eth0:dhcp
initrd ${base-url}/initramfs-linux.img
boot

Make it world-readable:

sudo chmod 644 /srv/http/archlive/boot.ipxe

──────────────────── 7. Point iPXE to that script automatically

Option A: embed the script inside iPXE (recommended)

# On any Linux box
git clone https://github.com/ipxe/ipxe.git
cd ipxe/src
cat <<'EOF' > arch.ipxe
#!ipxe
chain http://YOUR_PXE_SERVER/archlive/boot.ipxe
EOF
make bin-x86_64-efi/ipxe.efi EMBED=arch.ipxe
sudo cp bin-x86_64-efi/ipxe.efi /srv/tftp/ipxe.efi

Option B: let iPXE fall back to DHCP option 175 (more complex).

──────────────────── 8. Boot the target machine

  1. Enter firmware → disable Secure Boot (Arch media is unsigned).
  2. Enable Network Stack / PXE boot on the NIC.
  3. Reboot → press F12 (or whatever key) → choose UEFI: IPv4 or PXE.
  4. You should see the iPXE banner, then the Arch prompt. Log in as root.

──────────────────── 9. Install Arch as usual

# verify network
ping archlinux.org

# quick interactive installer
archinstall
# or manual
pacstrap /mnt base linux ...

──────────────────── 10. Common UEFI-specific pitfalls

• Secure Boot must be off until you sign your own kernels.
• The NIC must appear in the UEFI boot menu; if it doesn't, update firmware or enable CSM → then disable CSM again once the installer boots.
• If you only have Wi-Fi, plug in a USB-to-Ethernet dongle for the PXE phase—Wi-Fi PXE is still rare.

That's it: a single TFTP file (ipxe.efi) and an HTTP folder with three files (vmlinuz, initramfs, airootfs.sfs) are all you need to UEFI-PXE install Arch on any modern machine.
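
With Secure Boot off, a client boots whatever /srv/tftp and /srv/archlive hand out over TFTP and plain HTTP, so it is worth pinning those files once they are in place and re-checking them before an install. The following is an added example, not part of the original recipe; `pxe_pin`, `pxe_check`, `pxe_demo` and the manifest location are assumed names, and the demo runs on constructed placeholder files.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the manifest
# location are assumptions; file paths must not contain whitespace.

# pxe_pin DIR MANIFEST: record a SHA-256 for every regular file under DIR.
# Keep MANIFEST outside DIR, writable only by root.
pxe_pin() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2) > "$2"
}

# pxe_check DIR MANIFEST: print one line per deviation from the pinned state.
# Returns 0 only when the served tree matches the manifest exactly.
pxe_check() {
    dir=$1 manifest=$2 status=0
    current=$(mktemp) || return 2
    pxe_pin "$dir" "$current"
    while read -r sum path; do          # pinned files: gone or changed?
        now=$(awk -v p="$path" '$2 == p { print $1 }' "$current")
        if [ -z "$now" ]; then echo "MISSING $path"; status=1
        elif [ "$now" != "$sum" ]; then echo "MODIFIED $path"; status=1
        fi
    done < "$manifest"
    while read -r sum path; do          # served files that were never pinned
        awk -v p="$path" '$2 == p { f = 1 } END { exit !f }' "$manifest" ||
            { echo "UNEXPECTED $path"; status=1; }
    done < "$current"
    rm -f "$current"
    return "$status"
}

# Constructed demo: placeholder files named like the page's, pinned, then
# changed so that each of the three findings shows up once.
pxe_demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/srv/archlive" "$root/srv/tftp"
    echo kernel > "$root/srv/archlive/vmlinuz-linux"
    echo initrd > "$root/srv/archlive/initramfs-linux.img"
    echo 'set base-url http://YOUR_PXE_SERVER/archlive' > "$root/srv/archlive/boot.ipxe"
    echo efi > "$root/srv/tftp/ipxe.efi"
    pxe_pin "$root/srv" "$root/manifest"
    echo 'set base-url http://OTHER_HOST/archlive' > "$root/srv/archlive/boot.ipxe"
    rm "$root/srv/tftp/ipxe.efi"
    echo extra > "$root/srv/archlive/extra.ipxe"
    rc=0; pxe_check "$root/srv" "$root/manifest" || rc=$?
    rm -rf "$root"
    return "$rc"
}
```

On a real server, pin /srv/archlive and /srv/tftp once steps 3 to 7 are done and run `pxe_check` against those manifests before booting a client; any MODIFIED, MISSING or UNEXPECTED line means the served tree is no longer what you staged.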