Revision 1 as of 2023-11-21 12:15:01
Size: 2956
Comment: prepare the outline

Size: 4634
Comment: add all the UEFI settings
Line 9: | Line 9: |
* Mash ''something'' during POST to get the one-time boot target menu, you can access the BIOS/UEFI from there | * Mash F1 during POST to get into the BIOS/UEFI |
Line 31: | Line 31: |
* TBC | * Main * Set System time and date * Devices * Audio * Onboard: disabled * Network Setup * All enabled * Advanced * CPU Setup * Enable virt * Enable vt-d * all c states * turbo enabled * Intel manageability * Disable that remote mgmt stuff * SOL config * Console type = vt100+ * USB provosioning: disabled * Intel SGX * SGX control: software controlled * SIPP support enabled * CPU CRID support enabled * Chipset CRID support enabled * Dust shield alert: disabled * Power * after loss -> power on * enhanced power saving mode disabled * smart power on Enabled (Alt-P to power up) * Intrlligent cooling engine * perf mode = better acoustics * thermal alert enabled * Auto power on * WOL = Auto * Alarm = Disabled * Security * Allow flash to old version: Yes * Require admin pass when flashing: No * Wundows UEFI firmware update: Enabled * Require POP on boot: No * POP on restart: No * Admin pass on F12 boot: No * Smart USB protection: Disabled * Fingerprint Setuo * Preboot Auth: Disabled * TCG Feature Setup * TCG Device: Discrete TPM * Discrete TPM FW Switch: TPM 2.0 * Security chip 2.0: Enabled * Clear TCG: No * Secure Boot * Status: Disabled * Device Guard: Disabled * Chassis Intrusion Detection: Disabled * Config change detection: Disabled * Password count exceeded error: Disabled * Startup * CSM: Disabled * Startup device menu prompt: enabled Reboot and go in again with F1 * Startup * Primary sequence * Network 1 * M.2 drive 1 * Disable all the others * Do the same for Auto and Error boot sequences |
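Review bot: In the Security block of the Line 31 addition, "Allow flash to old version: Yes" and "Require admin pass when flashing: No" sit next to "Secure Boot * Status: Disabled" with no reason given for any of them. A short sentence on why each is relaxed would tell a reader whether it can be tightened once the box is installed, especially since Startup puts "Network 1" first in the boot sequence. The same hunk also misspells several setting names ("provosioning", "Intrlligent", "Wundows", "Setuo"), which makes them harder to match against the firmware menus.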
So you've just received a brand-new secondhand one of these things off eBay. What do we need to do to it before use?
BIOS/UEFI settings
Getting in there
- Mash F1 during POST to get into the BIOS/UEFI
- If you get stuck in Windows because the keyboard wasn't detected fast enough, you can get to the desktop and then:
  - Hit the Windows key, type "UEFI", then select Change Advanced Start-up Options
  - Restart Now with the Advanced Startup button
  - Then from that boot menu go to Troubleshoot, Advanced Options, UEFI Firmware Settings, Restart
Update the BIOS to the latest version
- TBC
- The latest BIOS update for the M710q (as of 2023-11-20) is version XYZ, released 2019-xx-xx
Grab the MAC address
You need to boot the OS for this I think, or inspect the DHCP server the first time it PXE boots.
You'll need this later when configuring PXE booting.
Change BIOS/UEFI settings
The first thing you want to do is set it to full UEFI mode, no legacy here.
Then all these settings:
- Main
  - Set System time and date
- Devices
  - Audio
    - Onboard: disabled
  - Network Setup
    - All enabled
- Advanced
  - CPU Setup
    - Enable virt
    - Enable vt-d
    - all c states
    - turbo enabled
  - Intel manageability
    - Disable that remote mgmt stuff
    - SOL config
      - Console type = vt100+
    - USB provisioning: disabled
  - Intel SGX
    - SGX control: software controlled
  - SIPP support enabled
  - CPU CRID support enabled
  - Chipset CRID support enabled
  - Dust shield alert: disabled
- Power
  - after loss -> power on
  - enhanced power saving mode disabled
  - smart power on Enabled (Alt-P to power up)
  - Intelligent cooling engine
    - perf mode = better acoustics
    - thermal alert enabled
  - Auto power on
    - WOL = Auto
    - Alarm = Disabled
- Security
  - Allow flash to old version: Yes
  - Require admin pass when flashing: No
  - Windows UEFI firmware update: Enabled
  - Require POP on boot: No
  - POP on restart: No
  - Admin pass on F12 boot: No
  - Smart USB protection: Disabled
  - Fingerprint Setup
    - Preboot Auth: Disabled
  - TCG Feature Setup
    - TCG Device: Discrete TPM
    - Discrete TPM FW Switch: TPM 2.0
    - Security chip 2.0: Enabled
    - Clear TCG: No
  - Secure Boot
    - Status: Disabled
  - Device Guard: Disabled
  - Chassis Intrusion Detection: Disabled
  - Config change detection: Disabled
  - Password count exceeded error: Disabled
- Startup
  - CSM: Disabled
  - Startup device menu prompt: enabled

Reboot and go in again with F1
- Startup
  - Primary sequence
    - Network 1
    - M.2 drive 1
    - Disable all the others
  - Do the same for Auto and Error boot sequences
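Once a Linux install is running on the box, the security-relevant settings above can be read back from the OS rather than trusted from memory. This is an added example, not part of the original page; the `SYSROOT` override is a hypothetical hook so the functions can be pointed at a test tree, and `tpm_version_major` needs a reasonably recent kernel.

```shell
#!/bin/sh
# Added example: read firmware security state back from a running Linux install.
# SYSROOT is a hypothetical override (empty means the real /sys).

SB_VAR=SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI global variable GUID

# Prints "uefi" if the kernel was started via UEFI, otherwise "legacy".
boot_mode() {
    if [ -d "${SYSROOT:-}/sys/firmware/efi" ]; then echo uefi; else echo legacy; fi
}

# Prints enabled / disabled / unknown. An efivarfs file is 4 attribute bytes
# followed by the variable data; SecureBoot's data is one byte (1 = enabled).
secure_boot_state() {
    f="${SYSROOT:-}/sys/firmware/efi/efivars/$SB_VAR"
    [ -r "$f" ] || { echo unknown; return; }
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    case "$v" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Prints the TPM major version (1 or 2) the kernel exposes, or "none".
tpm_version() {
    f="${SYSROOT:-}/sys/class/tpm/tpm0/tpm_version_major"
    if [ -r "$f" ]; then tr -d ' \n' < "$f"; echo; else echo none; fi
}

# One line per setting, next to the value this page configures.
audit_firmware() {
    echo "boot mode:   $(boot_mode) (page sets CSM: Disabled, so expect uefi)"
    echo "secure boot: $(secure_boot_state) (page sets Status: Disabled)"
    echo "tpm version: $(tpm_version) (page sets Discrete TPM FW Switch: TPM 2.0)"
}

audit_firmware
```

Run it again after any firmware update or settings change; a value that differs from the list above means the setting did not stick or was changed since.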
Prepare for PXE booting
- Choose an IP address; the DHCP server will be used to configure the server when it comes up
- Choose a name, and go assign the name-to-address mapping in the DNS zone
- Configure the DHCP server with the static address reservation
In Mikrotik Winbox it's in IP -> DHCP Server -> Leases. You can open an existing static lease and Copy it. Make sure to edit the:
- IP
- Name
- MAC address
- Comment
In Mikrotik CLI it'd be something like this:
[furinkan@helian] /ip/dhcp-server/lease> add address=192.168.1.256 mac-address=02-99-88-77-66-55 server="dhcp general" comment=persica42
If using dnsmasq in Pihole we add a custom config file like /etc/dnsmasq.d/02-pihole-dhcp-persica-cluster.conf:
dhcp-host=02:99:88:77:66:55,set:persica,192.168.1.256,persica42,5m # one dhcp-host line per host
dhcp-boot=tag:persica,grub/grubx64.efi,illustrious.thighhighs.top,192.168.1.12
Note that things are a bit different here: we specify boot options per-host rather than at a subnet level like on Mikrotik. Run pihole restartdns after making changes.
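Because boot options hang off a per-host tag here, a dhcp-host line whose tag has no matching dhcp-boot line still gets a lease but no boot file. The check below is an added example, not from the original page; the function names and the second host in the sample data are constructed, with addresses following the page's placeholder style.

```shell
#!/bin/sh
# Added example: list dhcp-host MACs whose set:TAG has no dhcp-boot=tag:TAG line.

hosts_without_boot() {
    awk '
        { sub(/[ \t]+#.*$/, "") }            # drop trailing comments
        /^[ \t]*(#|$)/ { next }              # skip comment and blank lines
        /^dhcp-boot=/ {
            n = split(substr($0, 11), f, ",")
            for (i = 1; i <= n; i++)
                if (f[i] ~ /^tag:/) boot[substr(f[i], 5)] = 1
        }
        /^dhcp-host=/ {
            n = split(substr($0, 11), f, ",")
            tag = ""
            for (i = 1; i <= n; i++)
                if (f[i] ~ /^set:/) tag = substr(f[i], 5)
            host[f[1]] = tag                 # f[1] is the MAC address
        }
        END {
            for (mac in host)
                if (!(host[mac] in boot)) print mac
        }
    ' "$1" | sort
}

# Constructed sample: the first host mirrors this page's config, the second
# sets a tag ("spare") that no dhcp-boot line consumes.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
dhcp-host=02:99:88:77:66:55,set:persica,192.168.1.256,persica42,5m # one dhcp-host line per host
dhcp-host=02:99:88:77:66:56,set:spare,192.168.1.257,persica43,5m
dhcp-boot=tag:persica,grub/grubx64.efi,illustrious.thighhighs.top,192.168.1.12
EOF
    hosts_without_boot "$conf"
    rm -f "$conf"
}

demo
```

Point `hosts_without_boot` at the real file under /etc/dnsmasq.d/ before running pihole restartdns; empty output means every reserved host has a boot file assigned.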
You should now be able to PXE boot the box. It'll get an address from DHCP, then hit the next-server for the PXE executable, which is grubx64.efi.
Grub will download its menu from the TFTP server via a baked-in path; the menu defines the kernel and initrd to download and execute. That's typically a Linux kernel, with cmdline options to start a kickstarted install. Kickstart will download its kickstart.cfg, then the magic happens.
Now go put the right bits in the right places, you'll need a kernel and initrd at a minimum, then for auto installs you need a kickstart config (or Debian equivalent): PxeBooting#Putting_the_right_bits_in_the_right_places