Can't have secureboot and multicast ? secureboot+grub?



  • Hi.
    I colleague installed clonedeploy in windows with dhcpproxy, and got it working with secureboot for windows 10.
    It works greate but its only unicast, and with winpe loading slow, it takes time.
    We tried putting it to multicast but then we get a error message when the multicast install is about to begin saying something about "broken pipe", for about 0,5 seconds, then rebooting.

    Then i setup clonedeploy in linux with its own dhcp server. And when we got a switch supporting multicast and it works great in legacy and UEFI mode, but how do i setup secureboot in grub?
    On the homepage it says secureboot is supported when grub is set to secure boot.

    Or if someone knows the broken pipe bug on windows.

    Thanks for any help 🙂



  • When using WinPE you need to enable multicast support in the image profile before you upload, did you do that?

    Grub2 only supports secure boot when using USB/ISO. Grub2 does not support proxy dhcp. I have compiled a version of Grub2 that does support proxy dhcp and secure boot, but I'm waiting for Microsoft to sign it before I can release it.



  • Hi, thanks for answering.
    How do we enable multicast support in the image? Enable when building the winpe-image or a setting in the web-interface?

    The other environment we are testing is using Linux and uses a full DHCP server, and its own network for pxe booting, with a dedicated network-card. I thought the "Secure boot - Partial - only with ISO / USB Or PXE mode set to Grub" meant i could use grub to launch the image, but if it's the winpe-image that needs tuning i hope we get the windows solution to work.



  • Ok, so i found settings Admin -> Image profile templates -> winpe -> "enable multicast support"
    I am guessing that this is what is applied to each image. Because from the Images > myimage > Profiles > Default Wie, > Upload options i found the enable multicast support for upload.

    It did not work to just change this for an existing image. Also in the profiles options for the Default Wie, there is a tab called multicast options, i guess this is to override the exsisting global multicast options set in the admin settings? So i dont need to fill these out again unless i want change the default behavior?

    Going to try to upload new image with this option checked.



  • @potetpro said in Can't have secureboot and multicast ? secureboot+grub?:

    I am guessing that this is what is applied to each image. Because from the Images > myimage > Profiles > Default Wie, > Upload options i found the enable multicast support for upload.

    Yes that is the default for new images, won't change existing.

    It did not work to just change this for an existing image.

    Correct, it needs enabled before upload

    Also in the profiles options for the Default Wie, there is a tab called multicast options, i guess this is to override the exsisting global multicast options set in the admin settings? So i dont need to fill these out again unless i want change the default behavior?

    Correct again



  • Thanks for the support, it almost works. Is there a timeout, that if you take too long between computers it wont work?
    First time it worked (i used ondemand-multicast), but got stuck at 4% extract on both machines (the images get extracted on clients, and it works great with unicast). Now it won't work either with ondemand-multicast or with when i add the machines to a group and start group task multicast.
    So close. 🙂



  • There is no timeout. Sometimes changing the blocksize can help. In the multicast sender arguments try adding:

    --blocksize 700
    


  • Tried a fresh install of Clonedeploy in windows now stuck at 13%. Same result with or without the blocksize option. Cant get my head around this. Could it be some of the windows network adapter settings? It fast up to 13%(4 of 36 GB), around one% every 2 seconds.



  • On the original system (my first computer with clonedeploy) i now got up to "Extracting file data: 5 GiB of 33 GiB (17%) done" before it froze.



  • How long did you let it wait? WinPE usually looks like it stops for a while and then picks back up, it's possible that this just takes longer when doing multicast?



  • Hi.
    Think i waited 30 minutes without any activity. I can try to wait longer. If nothing happens i can try different hardware, or different windows version.



  • Now i can't even get the multicast to start, sometimes the Winpe image failes right after login on one of the two computers i am testing with, its random which computer, it says "can't download script", but after a reboot it gets past that point. Then it just waits for rest of the computers and won't start. I have tried ondemand and group -multicast.
    The idea is great, but in my experience it's too unreliable. And i don't have any more time to test this out for now. So unicast it is. But with an ssd and maybe 10Gbit uplink it wont be much difference in speed.