Bug #11044

PXE Boot support

Added by ronlaws86 2016-02-02 13:53:42 . Updated 2020-04-13 17:21:49 .

Status: Rejected
Priority: Normal
Start date: 2016-02-02
% Done: 0%
Type of work: Sysadmin
Description

Tails doesn’t appear to be bootable via PXE, the boot process gets stuck waiting for the ethernet card(s) to come up,
though on the machines tested, a normal live boot from USB works just fine with working network drivers, the process hangs at this point and the kernel cannot obtain the squashfs file from the server to continue.

(suggestion: a build for pxe where the root fs is packed in the initrd similar to how it’s done with thinstation?)


Related issues

Has duplicate Tails - Bug #16236: issue: PXE boot does not work Duplicate 2018-12-22

History

#1 Updated by sajolida 2016-02-03 20:26:50

  • Target version deleted (Tails_2.2)

#2 Updated by chrysn 2016-02-10 20:52:49

i’ve tested this and can confirm that tails 2 fails to get the ethernet interfaces up when booting from pxe, eg. with a `fetch=http://...` kernel option.

this is not about missing infrastructure in the initramfs, though: when adding `break` to the kernel command line and running, in my case, `modprobe r8169` (my ethernet driver) followed by `exit`, tails boots up fine.

#3 Updated by ronlaws86 2016-02-11 14:22:53

What did you do to add the modprobe? was it added to the append line in the pxe config, and what did you add exactly, i’ve been unable to get this to work.

#4 Updated by sajolida 2016-04-26 10:31:41

  • blocks Feature #11378: Make Tails Installer installable through Ubuntu Software added

#5 Updated by sajolida 2016-05-03 13:03:09

  • blocked by deleted (Feature #11378: Make Tails Installer installable through Ubuntu Software)

#6 Updated by goupille 2016-08-19 12:15:14

  • Status changed from New to Rejected

it is not a supported way of installation or booting, if you want us to support it one day, feel free to work on it

#7 Updated by ronlaws86 2016-08-19 12:29:05

Faith in tails lost overnight.
this is a really standard feature that exists in every other Linux distribution available, and got broken in Tails, one small tweak during the init phase to load net drivers would fix this, instead a way of truly loading an “amnesia” os over a network to a completely diskless computer is snubbed because the developer “Can’t be bothered” to fix one small discrepancy that should not have needed fixing in the first place, to “Support” a method of booting that shouldn’t need “Supporting” because it is standard on every other linux distribution going.

———\▔\
——- )..)
——-/../▂▂▂
▂▂╱┈ ▕▂▂▂▏
▉┈-┈┈ ▕▂▂▂▏
▉┈-┈┈▕▂▂▂▏
▔▔╲▂▕▂▂▏

#8 Updated by ronlaws86 2016-08-19 12:29:27

ronlaws86 wrote:
> Faith in tails lost overnight.
> this is a really standard feature that exists in every other Linux distribution available, and got broken in Tails, one small tweak during the init phase to load net drivers would fix this, instead a way of truly loading an “amnesia” os over a network to a completely diskless computer is snubbed because the developer “Can’t be bothered” to fix one small discrepancy that should not have needed fixing in the first place, to “Support” a method of booting that shouldn’t need “Supporting” because it is standard on every other linux distribution going.
>
> ———-\▔\
> ——— )..)
> ———/../▂▂▂
> ▂▂╱┈ ▕▂▂▂▏
> ▉┈-┈┈ ▕▂▂▂▏
> ▉┈-┈┈▕▂▂▂▏
> ▔▔╲▂▕▂▂▏

#9 Updated by cypherpunks 2016-08-22 19:57:49

ronlaws86 wrote:
> Faith in tails lost overnight.
> this is a really standard feature that exists in every other Linux distribution available, and got broken in Tails, one small tweak during the init phase to load net drivers would fix this, instead a way of truly loading an “amnesia” os over a network to a completely diskless computer is snubbed because the developer “Can’t be bothered” to fix one small discrepancy that should not have needed fixing in the first place, to “Support” a method of booting that shouldn’t need “Supporting” because it is standard on every other linux distribution going.

Or you could work on fixing it yourself. Tails doesn’t have a massive team of devs who can work on every little feature request. Furthermore, this is likely something specific to Debian Live, not just Tails. You could go complain to them.

#10 Updated by beta-tester 2017-06-22 13:45:21

ronlaws86 wrote:
> Tails doesn’t appear to be bootable via PXE, the boot process gets stuck waiting for the ethernet card(s) to come up,
> though on the machines tested, a normal live boot from USB works just fine with working network drivers, the process hangs at this point and the kernel cannot obtain the squashfs file from the server to continue.

i also have that problem with Tails 2.x and now with Tails 3.0.
my hope was that it was fixed with tails 3 but unfortunately the issue still exists.

i also tried to add a “break” to the kernel boot option and then tried to “modprobe ; exit;” but even that did not fix the issue.
i still cannot boot Tails via PXE.

i tried several Linux distributions to boot via PXE with success. only Tails makes trouble.

i always end up with

Waiting for ethernet card(s) up... If this fails, maybe the ethernet card is not supported by the kernel 4.9.0-3-amd64?

i used different computers with “r8169” and “e1000” ethernet cards/modules loaded.

it would be extremely helpful, when Tails could be booted via PXE.

#11 Updated by beta-tester 2018-12-22 18:32:53

cypherpunks wrote:
> Tails doesn’t have a massive team of devs who can work on every little feature request. Furthermore, this is likely something specific to Debian Live, not just Tails. You could go complain to them.

hi, Debian (8.x .. 9.x) does PXE boot very well and ubuntu (16.x .. 19.x) does it as well, so something must be broken in Tails.
i found something interesting on that webpage https://www.vercot.com/~serva/an/NonWindowsPXE3.html
there is a customized initrd file for Tails 3.8. unfortunately i don’t have access to Tails 3.8 anymore and that initrd isn’t compatible with the actual Tails version, because of different kernel version. but maybe you could ask the maker of that customized initrd file to implement that into the main tails release.

#12 Updated by mercedes508 2018-12-23 17:25:05

  • has duplicate Bug #16236: issue: PXE boot does not work added

#13 Updated by beta-tester 2020-04-13 17:03:22

i got tails pxe boot working …

… kind of.

1. first of all there are no kernel drivers modules for networking in the official /live/initrd.img on tails.
to solve that issue, i have to create an additional initrd.img that contains all the missing modules and overlay it to the original initrd.img.
> 1’st, boot into tails from a USB/DVD image
> 2’nd, open a terminal window and create the custom initrd.img with:
>

<code class="sh">
find /lib/modules/$(uname -r)/kernel/drivers/net/phy/ /lib/modules/$(uname -r)/kernel/drivers/net/ethernet/ -type f -print0 | \
cpio --null --create --verbose --format=newc | \
gzip --best > /tmp/tails-net.img
</code>


> 3’rd, copy that /tmp/tails-net.img file to your PXE-server.
> 4’th, look with lsmod, what kernel drivers modules were loaded for your network and with modinfo its dependencies. in my case it was libphy, realtek, r8169

2. then i have to put the tails-net.img file to a place, where the pxe-client will have access to, to be able to load the file.

3. then you have to add the tails-net.img for the INITRD entry of the pxe-menu as last additional file.

<code class="text">
LABEL tails-x64
    MENU LABEL Tails x64 (start network by hand)
    KERNEL http://192.168.1.1/srv/nfs/tails-x64/live/vmlinuz
    INITRD http://192.168.1.1/srv/nfs/tails-x64/live/initrd.img,http://192.168.10.193/srv/nfs/tails-net.img
    APPEND fetch=http://192.168.1.1/srv/nfs/tails-x64/live/filesystem.squashfs ro boot=live config break \
live-media=removable nopersistence noprompt timezone=Etc/UTC block.events_dfl_poll_msecs=1000 noautologin \
module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_alloc=1 init_on_free=1 mds=full,nosmt
    TEXT HELP
        Boot to Tails x64 Live
        You have to start network by hand
    ENDTEXT
</code>


it is important, that the option break is in the APPEND list, because the network isn’t loading the modules automatically.
(the \ means, that there is a line-break. you have to remove the \ so the APPEND is one single long line)

4. now i can pxe-boot my pxe-client into tails.

5. the boot process will break into a initramfs console just before the init process will mount any devices.
because the network kernel drivers modules are not loaded automatically, i have to do it by hand now.
in my case libphy, realtek, r8169:

<code class="text">
insmod /lib/modules/$(uname -r)/kernel/drivers/net/phy/libphy.ko
insmod /lib/modules/$(uname -r)/kernel/drivers/net/phy/realtek.ko
insmod /lib/modules/$(uname -r)/kernel/drivers/net/ethernet/realtek/r8169.ko
</code>

6. the fetch=... process will use wget to load the filesystem.squashfs. but for unknown reason in the original initrd.img of tails /bin/wget was replaced by a script that expects a running torsocket. at this time there is no torsocket active. so i have to change the script to use the wget from busybox.
and just after the filesystem.squashfs was fetched i have to “revert” every network related stuff i manually loaded.
so putting all together to the new /bin/wget script. to create the script from the console type in:

<code class="text">
cat << EOF > /bin/wget
#!/bin/sh
# replacement /bin/wget, used only for the fetch from the initramfs
unset http_proxy
unset HTTP_PROXY
unset https_proxy
unset HTTPS_PROXY

busybox wget --passive-ftp "\$@"
rc=\$?   # keep wget's exit status so a failed fetch is still reported

# bring down the network interface
ip link set eth0 down

# unload network kernel drivers modules (dependents first, libphy last)
rmmod /lib/modules/\$(uname -r)/kernel/drivers/net/ethernet/realtek/r8169.ko
rmmod /lib/modules/\$(uname -r)/kernel/drivers/net/phy/realtek.ko
rmmod /lib/modules/\$(uname -r)/kernel/drivers/net/phy/libphy.ko

exit \$rc
EOF
</code>


don’t worry, after the pxe boot is finished, the changed /bin/wget script is overwritten back to the original tails one.

7. now i can type exit to the initramfs console and the boot process will continue:
> it initializes the network,
> then it will fetch the filesystem.squashfs by using our wget script,
> and our wget script shuts down the network interface and unloads the modules after its use.

8. now you should be in tails welcome screen.

conclusion/issues:

  • there is the issue, that even if i provide the missing network kernel drivers modules they will not be loaded automatically. i have no knowledge, how to load those modules automatically.
  • the next issue is that in the initrd.img the /bin/wget is replaced by a script that expects torsocket. at initrd, i don’t see a reason, why it is not using the default wget, because at boot process we are in our local network of trust.
  • the last issue is, why do i need to shutdown the network interface before tails finishes booting to get tails & tor working?
  • with fetch=... tails behaves like booted from a DVD as read-only. none of the changes will stay persistent. (it is not an issue)
  • tails ignores the following boot options locales=de_DE.UTF-8 keyboard-layouts=de. it would be nice, when tails would take those settings into account in the welcome screen as presets for language and keyboard preferences like Debian is doing.

i really would like to get tails pxe-booting out of the box. so i can pxe-boot tails from my RaspberryPi, that acts as a PXE-Server https://github.com/beta-tester/RPi-PXE-Server .
i have no knowledge to fix the issues above, but i hope one of the developers could help, so that it is not necessary to add the modules by hand and changing the wget script…
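
The module lookup in step 4 of the last comment (which driver modules the NIC needs, and in which order to `insmod` them) can be scripted. This is an added example, not part of the original comment: `load_order` and `unload_order` are hypothetical helper names, the `modules.dep`-format lines are constructed sample data, and the PHY driver `realtek` is passed explicitly because the sample lists only `libphy` as a dependency of `r8169`.

```shell
#!/bin/sh
# Added example (not from the original comment): derive insmod/rmmod order
# from modules.dep-format data. The sample lines below are constructed.
SAMPLE_DEP='kernel/drivers/net/phy/libphy.ko:
kernel/drivers/net/phy/realtek.ko: kernel/drivers/net/phy/libphy.ko
kernel/drivers/net/ethernet/realtek/r8169.ko: kernel/drivers/net/phy/libphy.ko
kernel/drivers/net/ethernet/intel/e1000/e1000.ko:'

# load_order DEPFILE MODULE... : print module paths, dependencies first
load_order() {
    depfile=$1; shift
    awk -v want="$*" '
        # depth-first walk: emit every dependency before the module itself
        function visit(p,   n, i, d) {
            if (p in done) return
            done[p] = 1
            n = split(deps[p], d, " ")
            for (i = 1; i <= n; i++) visit(d[i])
            print p
        }
        {
            path = $1; sub(/:$/, "", path)
            name = path; sub(/.*\//, "", name); sub(/\.ko.*$/, "", name)
            gsub(/-/, "_", name)           # module names treat - and _ alike
            byname[name] = path
            $1 = ""; deps[path] = $0       # rest of the line = dependencies
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                gsub(/-/, "_", w[i])
                if (!(w[i] in byname)) {
                    print "unknown module: " w[i] > "/dev/stderr"
                    exit 1
                }
                visit(byname[w[i]])
            }
        }' "$depfile"
}

# unload_order DEPFILE MODULE... : same list reversed (dependents first)
unload_order() { load_order "$@" | sed -n '1!G;h;$p'; }

# Demo on the constructed sample: print the insmod lines for the console.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_DEP" > "$demo"
load_order "$demo" realtek r8169 | sed 's|^|insmod /lib/modules/$(uname -r)/|'
rm -f "$demo"
```

On a booted system the same function can read `/lib/modules/$(uname -r)/modules.dep` directly instead of the sample.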