Having trouble signing in? Try this!
Ask questions. Help others.
The HP Community is here for you.
Post new question
Question
Reply
 
Note on archived topics.
This topic has been archived. Information and links in this thread may no longer be available or relevant.
If you have a question create a new topic by clicking here, or click on "Post new question" above and select the appropriate board.
Honor Student
Posts: 2
Member Since: ‎09-01-2014
Message 1 of 11 (17,872 Views)

PXE, UEFI and Secure Boot

Is there som trick to get HP computers with UEFI BIOS to boot from PXE w/o turning off secure boot?

 

My environment is Windows 2012 server with SCCM. The WDS service is running, I can PXE boot other brands of laptops (dell, microsoft), so I know my setup is somewhat with in the ballpark. I can also boot the HP UEFI computers with a USB stick w/o turning off secure boot, but once the bootimage is on PXE, it fails.

 

I do not use DHCP options, nor IP helpers. The clients are on the same subnet as my DHCP server and my DP/WDS server.

 

We have both UEFI and BIOS computers in our environment. All manage to PXE boot except the HP UEFI computers. Unless I turn Secure Boot off - then it happily loads the image. Is there perhaps some secure keys the computers are missing?

 

Thank you in advance for any answer to this. We have ~3000 computers that are affected.

0 Kudos
Tutor
Posts: 12
Member Since: ‎01-25-2016
Message 2 of 11 (17,347 Views)

Re: PXE, UEFI and Secure Boot

Hello

 

I have a very similar issue. UEFI and Secure Boot are enabled, MS SCCM 2012 R2, etc. Want to deploy Windows 10....

 

In my case several laptops models (HP Elitebook 820 G2; HP Elitebook 850 G2; HP EliteBook Folio 9470m; HP Zbook 17 G2) don't want to boot in WinPE. After Downloading WinPE into RAM and a restart a HP message appears: "No bootable image found, notebook will shutdown"

 

But WinPE was successfully downloaded into OS Boot Manager. I've checked it with Bcdedit. Interessting point is that if I login to the BIOS now and change the Secure Boot to "disable" the computer boot in WinPE immediately.

 

Other Models like HP EliteBook Folio 1040 G1; HP ProBook 650 G1 works fine with enbaled UEFI and Secure Boot !!!

 

All Laptops have latest BIOS version. I've tried BIOS Factory defaults and Security defaults. Nothing changed if UEFI and Secure Boot is enabled.

 

It seems there are different SecureBoot checks implemented at HP.

 

Has anyone a solution, similar experiences or an explanation ??

 

Thanks a lot in advance

 

Intern
Posts: 22
Member Since: ‎07-20-2016
Message 3 of 11 (15,532 Views)

Re: PXE, UEFI and Secure Boot

Have the same issue, any progress on this?

Tutor
Posts: 12
Member Since: ‎01-25-2016
Message 4 of 11 (15,293 Views)

Re: PXE, UEFI and Secure Boot

After several months I found a workaround. In my case I identified that HP is looking for an efi file in the wrong path while Booting.

My solution: I've created a package including my bootx64.efi file founded in my SCCM environment and added the package to my task sequence after the step partionining the disk and before the step Reboot into WinPE. The command of the package is copying the efi file to s:\efi\boot folder. which in my case not exists.

Hope this helps for you too

 

Top Student
Posts: 5
Member Since: ‎04-14-2017
Message 5 of 11 (13,271 Views)

Re: PXE, UEFI and Secure Boot

Can you explan litle bit in detail please  ?

Tutor
Posts: 12
Member Since: ‎01-25-2016
Message 6 of 11 (13,261 Views)

Re: PXE, UEFI and Secure Boot

Hi kuvinod,

sorry I don't have a detailed screenshot describtion yet.

 

Following were my solution:

I boot my computers with a WinPE (by using SCCM task-sequence). After Configuring BIOs and SecureBoot and the partitioning step I've copied the file bootx64.efi to s:\efi\boot folder. Next step is Restart the computer to WinPE again while SecureBoot is still enabled. 

 

Are you using SCCM too ?

 

Best regards

Top Student
Posts: 5
Member Since: ‎04-14-2017
Message 7 of 11 (13,255 Views)

Re: PXE, UEFI and Secure Boot

Yes, we use SCCM. But our problem is on the bare metal device. We get devices where by default Secure boot Enabled and Legacy boot disabled option in BIOS. In this case when we do a PXE boot, it does not even do anything.

 

Model - HP Elitedesk G2/3

Tutor
Posts: 12
Member Since: ‎01-25-2016
Message 8 of 11 (13,238 Views)

Re: PXE, UEFI and Secure Boot

Understand. your issue is different to me but seems the issue that LassD had.

We have several G2/3 devices too where by default Secure boot Enabled too.

 

Did you extend your network about BIOS and UEFI Co-Existence ?

UEFI PXE Boot support requires minimum WinSrv20212

Top Student
Posts: 5
Member Since: ‎04-14-2017
Message 9 of 11 (13,221 Views)

Re: PXE, UEFI and Secure Boot

Yes. We have our WDS and SCCM DP with PXE enabled configured on Server 2012 R2.

 

I think the issue is with the HP devices where they do not have hybrid boot option as in the case of Lenovo or Dell.

Top Student
Posts: 5
Member Since: ‎04-14-2017
Message 10 of 11 (12,985 Views)

Re: PXE, UEFI and Secure Boot

Just in case if it helps anyone

 

Upgrading the BIOS to the latest version on HP Elitedesk 800 G2 DM 35W helped to resolve the issue. We can do the PXE boot now.

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation