Hello, we've been using CloneDeploy with great success in our school district since summer. Thanks for this great tool!
We use USB sticks to initiate CloneDeploy's standard linux block imaging, keeping our devices in UEFI Secure Boot mode.
We're now attempting to use PXE booting (via Proxy DHCP) to eliminate the need for physical USB sticks, but receive an "ACCESS DENIED" error after the pxeboot.0 file is transferred. Switching devices to legacy mode and using plain old pxelinux will boot just fine, but obviously adds extra steps pre- and post-imaging.
Moreover, disabling Secure Boot while leaving UEFI on will allow the pxeboot.0 to run, but brings the computer to the GNU GRUB rescue shell, rather than the normal CloneDeploy Grub menu we're accustomed to from the USB sticks.
I've tried messing with some of the files in /tftpboot and replaced pxeboot.0 with the USB stick's bootx64.efi, which seems to move on beyond the Secure Boot step (but then immediately fails for some other reason). Could it be that pxeboot.0 is not properly signed in the same way like bootx64.efi is? Or other critical files are not loading during the PXE/TFTP steps?
The CloneDeploy documentation (http://clonedeploy.org/docs/imaging-environments/ ) states that Secure Boot (and therefore EFI) is supported when Proxy Efi64 PXE Mode is set to grub (which ours is).
I tried searching for any chatter from other users, but haven't found an instance of someone using EFI Grub PXE with Secure Boot either on or off.
Is there anything I'm missing?
Thanks for any insight!