1. 22

netboot.xyz is a way to select various operating system installers or utilities from one place within the BIOS without the need of having to go retrieve the media to run the tool. iPXE is used to provide a user friendly menu from within the BIOS that lets you easily choose the operating system you want along with any specific types of versions or bootable flags.

You can remote attach the ISO to servers, set it up as a rescue option in Grub, or even set up your home network to boot to it by default so that it’s always available.

Source code: https://github.com/antonym/netboot.xyz

  1. 5

    No mention of verification or validation of boot media; yikes. And this is scary.

    1. 4

      Its not mentioned anywhere but it appears to sign all of its own files with a certificate that gets embedded in the boot media(see part of the build script here) https://github.com/antonym/netboot.xyz/blob/e56dd07c310187f2db8e5ed9612f28863ac9c722/script/prep-release.sh#L90

      E.g. You can download the signature for the ubuntu.ipxe file: http://boot.netboot.xyz/sigs/ubuntu.ipxe.sig

      Additionally it appears that iPXE supports validating signatures of the boot media that gets downloaded, and this looks like it is done for some of the boot options(but not all). See ubuntu again: https://github.com/antonym/netboot.xyz/blob/e56dd07c310187f2db8e5ed9612f28863ac9c722/src/ubuntu.ipxe#L76

      That said I’ve not verified this is the case/that it’s actually secure in any way, it was just from taking a look at the code.

    2. 3

      Cool. A friend of mine used to run a similar service (called netboot.me, and using iPXE’s predecessor gPXE), but it never really got any recognition or users. I always thought it was a pretty cool idea, though. Yeah, you still need boot media (probably), but just one, of negligible size, to boot all kinds of OSes and utilities. Reasonably handy tool :)

      1. 2

        I think there’s a step 1 I’m missing. I almost know what this is, but then I get confused. It’s a PXE boot loader? But there’s an ISO? Does it PXE boot the ISO or CD boot the PXE? (Blockchain the blockchain?)

        1. 7

          It looks like you get a boot image(as an ISO/CD/USB/PXE bootable thing) that runs the iPXE bootloader(a fancy bootloader capable of doing neat network booting things). iPXE seems like it is designed to replace the PXE ROM of some network cards, but you can also just chainload into it from any other bootable media. It appears to be a much more capable bootloader.

          Anyway, the iPXE bootloader is what does all the magic, it’s apparently capable of booting an iso(or other image) from an http location. So the image you get from netboot.xyz(the CD/USB/whatever mentioned above) contains iPXE configured to get its configuration from http://boot.netboot.xyz. The configuration at boot.netboot.xyz includes all the operating system menu entries, and each of those specifies where iPXE can load an iso from.

          See for example the iPXE entry for freedos: https://github.com/antonym/netboot.xyz/blob/master/src/freedos.ipxe It just points at a zip file that iPXE will download and boot.

          Disclaimer: I’ve never used netboot.xyz or iPXE before.

          1. 1

            I think it’s a server that can be run that will serve images for PXE.