So you've just received a brand-new secondhand one of these things off Ebay, what do we need to do to it before use?

BIOS/UEFI settings

Getting in there

• Mash F1 during POST to get into the BIOS/UEFI
• If you get stuck in Windows because the keyboard wasn't detected fast enough, you can get to the desktop and then:
  • Hit the Windows key, type "UEFI", then select Change Advanced Start-up Options
  • Restart Now with the Advanced Startup button

  • Then from that boot menu go to Troubleshoot, Advanced Options, UEFI Firmware Settings, Restart

Update the BIOS to the latest version

• TBC
• The latest BIOS update for the M710q (as of 2023-11-20) is version XYZ, released 2019-xx-xx

Grab the MAC address

You need to boot the OS for this I think, or inspect the DHCP server the first time it PXE boots.

You'll need this later when configuring PXE booting.

Change BIOS/UEFI settings

The first thing you want to do is set it to full UEFI mode, no legacy here.

Then all these settings:

• Main
  • Set System time and date
• Devices
  • Audio
    • Onboard: disabled
  • Network Setup
    • All enabled
• Advanced
  • CPU Setup
    • Enable virt
    • Enable vt-d
    • all c states
    • turbo enabled
  • Intel manageability
    • Disable that remote mgmt stuff
    • SOL config
      • Console type = vt100+
    • USB provosioning: disabled
  • Intel SGX
    • SGX control: software controlled
  • SIPP support enabled
  • CPU CRID support enabled
  • Chipset CRID support enabled
  • Dust shield alert: disabled
• Power

  • after loss -> power on

  • enhanced power saving mode disabled
  • smart power on Enabled (Alt-P to power up)
  • Intrlligent cooling engine
    • perf mode = better acoustics
    • thermal alert enabled
  • Auto power on
    • WOL = Auto
    • Alarm = Disabled
• Security
  • Allow flash to old version: Yes
  • Require admin pass when flashing: No
  • Wundows UEFI firmware update: Enabled
  • Require POP on boot: No
  • POP on restart: No
  • Admin pass on F12 boot: No
  • Smart USB protection: Disabled
  • Fingerprint Setuo
    • Preboot Auth: Disabled
  • TCG Feature Setup
    • TCG Device: Discrete TPM
    • Discrete TPM FW Switch: TPM 2.0
    • Security chip 2.0: Enabled
    • Clear TCG: No
  • Secure Boot
    • Status: Disabled
  • Device Guard: Disabled
  • Chassis Intrusion Detection: Disabled
  • Config change detection: Disabled
  • Password count exceeded error: Disabled
• Startup
  • CSM: Disabled
  • Startup device menu prompt: enabled

Reboot and go in again with F1

• Startup
  • Primary sequence
    • Network 1
    • M.2 drive 1
    • Disable all the others
  • Do the same for Auto and Error boot sequences

Prepare for PXE booting

1. Choose an IP address, the DHCP server will be used to configure the server when it comes up
2. Choose a name, and go assign the name to address mapping in the DNS zone

3. Record the allocation in the spreadsheet: https://docs.google.com/spreadsheets/d/1bUR4y21wuCVRCpQcBbP85wGAWELrVjo2_tNJ7la495A/edit#gid=0 1. Configure the DHCP server with the static address reservation

   • In Mikrotik Winbox it's in IP -> DHCP Server -> Leases. You can open an existing static lease and Copy it. Make sure to edit the:

     • IP
     • Name
     • MAC address
     • Comment

   • In Mikrotik CLI it'd be something like this

     [furinkan@helian] /ip/dhcp-server/lease> add address=192.168.1.256 mac-address=02-99-88-77-66-55 server="dhcp general" comment=persica42

   • If using dnsmasq in Pihole we add a custom config file like /etc/dnsmasq.d/02-pihole-dhcp-persica-cluster.conf

     dhcp-host=02:99:88:77:66:55,set:persica,192.168.1.256,persica42,5m
     # one dhcp-host line per host
     dhcp-boot=tag:persica,grub/grubx64.efi,illustrious.thighhighs.top,192.168.1.12

     Note that things are a bit different here, we specify boot options per-host rather than at a subnet level like on Mikrotik

     • Run pihole restartdns after making changes

You should now be able to PXE boot the box. It'll get an address from DHCP, then hit the next-server for PXE executable which is grubx64.efi

Grub will download its menu from the TFTP server via baked-in path, which defines the kernel and initrd to download and execute. That's typically a Linux kernel, with cmdline options to start a kickstarted install. Kickstart will download its kickstart.cfg then the magic happens.

Now go put the right bits in the right places, you'll need a kernel and initrd at a minimum, then for auto installs you need a kickstart config (or Debian equivalent): PxeBooting#Putting_the_right_bits_in_the_right_places