A couple of days ago I received an interesting question from a colleague, Paudie O'Riordan, who works in our Storage and Availability Business Unit at VMware. He was helping a customer who was interested in PXE booting/installing ESXi using UEFI, which is short for Unified Extensible Firmware Interface. Historically, we only had support for PXE booting/installing ESXi using the BIOS firmware. You could also boot an ESXi ISO using UEFI, but we did not have support for UEFI when it came to booting/installing ESXi over the network using PXE and other variants such as iPXE/gPXE.
For those of you who may not know, UEFI is meant to eventually replace the legacy BIOS firmware. There are many benefits to using UEFI over BIOS; a recent article that does a good job of explaining the differences can be found here. In doing some research and pinging a few of our ESXi experts internally, I found that UEFI PXE boot support is actually possible with ESXi 6.0. Not only is it possible to PXE boot/install ESXi 6.x using UEFI, but the changes in the EFI boot image are also backwards compatible, which means you could potentially PXE boot/install an older release of ESXi.
Note: Auto Deploy still requires legacy BIOS firmware; UEFI is not currently supported. This is something we will be addressing in the future, so stay tuned.
Not having worked with ESXi and UEFI before, I thought this would be a great opportunity for me to give this a try in my homelab which would also allow me to document the process in case others were interested. For my PXE server, I am using CentOS 6.7 Minimal (64-Bit) which runs both the DHCP and TFTP services but you can use any distro that you are comfortable with.
Step 1 - Download and install CentOS 6.7 Minimal (64-Bit)
Step 2 - Log in to the CentOS system via terminal and run the following commands, which will update the system and install the DHCP and TFTP services:
yum -y update
yum -y install dhcp tftp-server
Step 3 - Download and upload an ESXi 6.x ISO to the CentOS system. In this example, I am using the latest ESXi 6.0 Update 1 image (VMware-VMvisor-Installer-6.0.0.update01-3029758.x86_64.iso).
Step 4 - Extract the contents of the ESXi ISO to the TFTP directory by running the following commands:
mount -o loop VMware-VMvisor-Installer-6.0.0.update01-3029758.x86_64.iso /mnt/
cp -rf /mnt/ /var/lib/tftpboot/esxi60u1
umount /mnt/
rm VMware-VMvisor-Installer-6.0.0.update01-3029758.x86_64.iso
Step 5 - Copy the custom ESXi bootx64.efi bootloader image to the root of the extracted ESXi directory by running the following command:
cp /var/lib/tftpboot/esxi60u1/efi/boot/bootx64.efi /var/lib/tftpboot/esxi60u1/mboot.efi
Step 6 - Next, we need to edit our DHCP configuration file /etc/dhcp/dhcpd.conf to point our hosts to the mboot.efi image. Below is an example configuration, and you will need to replace it with the network configuration of your environment. If you are running the TFTP server on another system, you will need to change the next-server property to the address of that system; otherwise, you will just specify the same IP Address as the DHCP server.
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
authoritative;
log-facility local7;
allow booting;
allow bootp;
option client-system-arch code 93 = unsigned integer 16;

class "pxeclients" {
    match if substring(option vendor-class-identifier, 0, 9) = "PXEClient";
    # specifies the TFTP Server
    next-server 192.168.1.180;
    if option client-system-arch = 00:07 or option client-system-arch = 00:09 {
        # PXE over EFI firmware
        filename = "esxi60u1/mboot.efi";
    } else {
        # PXE over BIOS firmware
        filename = "esxi60u1/pxelinux.0";
    }
}

subnet 192.168.1.0 netmask 255.255.255.0 {
    option domain-name "primp-industries.com";
    option domain-name-servers 192.168.1.1;
    host vesxi60u1 {
        hardware ethernet 00:50:56:ad:f7:4b;
        fixed-address 192.168.1.199;
    }
}
Step 7 - Next, we will need to edit our TFTP configuration file /etc/xinetd.d/tftp to enable the TFTP service by modifying the following line from yes to no:
disable = no
Step 8 - By default, ESXi's boot.cfg configuration file refers to all packages under the / path. We will need to remove that reference and can easily do so by running the following command:
sed -i 's/\///g' /var/lib/tftpboot/esxi60u1/boot.cfg
Step 9 - Finally, we need to restart both the TFTP (under xinetd) and DHCP services. For testing purposes, I have also disabled the firewall for IPv4/IPv6. Of course, in a real production environment you will probably want to open only the ports required for TFTP/DHCP.
/etc/init.d/xinetd restart
/etc/init.d/dhcpd restart
/etc/init.d/iptables stop
/etc/init.d/ip6tables stop
We can now boot up either a physical host that is configured to use UEFI firmware or we can easily test using Nested ESXi. The only change we need to make to our ESXi VM is to set the firmware mode from BIOS to EFI, which can be done using the vSphere Web/C# Client as shown in the two screenshots below:
If everything was successfully configured, we should now see our system PXE boot into ESXi installer using UEFI as seen in the screenshot below.
If you run into any issues, I would recommend checking the system logs on your PXE server (/var/log/messages) to see if there are any errors. You can also troubleshoot manually by using a tftp client to connect to your TFTP Server and confirm that you are able to pull down files such as boot.cfg by running the following commands:
tftp [PXE-SERVER]
get esxi60u1/boot.cfg
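A server-side check that complements the manual tftp test, written as an added example and not part of the original post: it confirms that every file named in boot.cfg can be requested from the extracted directory after steps 5 and 8. The function names and the sample tree are hypothetical, and the kernelopt check assumes a URL (for example a ks= location) was added to boot.cfg before step 8 was run.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# List the files named on the kernel= and modules= lines of a boot.cfg.
boot_cfg_files() {
    awk -F= '$1 == "kernel" || $1 == "modules" {
        sub(/^[^=]*=/, "")
        n = split($0, parts, / +--- +/)
        for (i = 1; i <= n; i++) if (parts[i] != "") print parts[i]
    }' "$1"
}

# Report what would stop a UEFI client; returns 0 only when nothing is wrong.
check_boot_cfg() {
    dir=$1; cfg="$dir/boot.cfg"; problems=0
    [ -f "$cfg" ] || { echo "missing: $cfg"; return 1; }
    [ -f "$dir/mboot.efi" ] || { echo "missing: mboot.efi (step 5)"; problems=$((problems + 1)); }
    for f in $(boot_cfg_files "$cfg"); do
        case $f in
            /*) echo "leading slash: $f (step 8 not applied)"
                problems=$((problems + 1)); continue ;;
        esac
        # Exact-case match: this is the name the TFTP client will request.
        [ -f "$dir/$f" ] || { echo "not in tree: $f"; problems=$((problems + 1)); }
    done
    # Step 8 strips every "/" in boot.cfg, including those in a URL that was
    # added to kernelopt beforehand (such as a ks= location).
    if grep -Eq '^kernelopt=.*(https?|ftp|nfs):[^/]' "$cfg"; then
        echo "kernelopt: URL has lost its slashes"; problems=$((problems + 1))
    fi
    echo "$problems problem(s) in $dir"
    [ "$problems" -eq 0 ]
}

# Constructed sample: a cut-down boot.cfg as extracted, before step 8 is run.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'bootstate=0' 'title=Loading ESXi installer' \
        'kernel=/tboot.b00' 'kernelopt=runweasel' \
        'modules=/b.b00 --- /jumpstrt.gz --- /useropts.gz' > "$d/boot.cfg"
    touch "$d/tboot.b00" "$d/b.b00" "$d/jumpstrt.gz" "$d/mboot.efi"
    echo "$d"
}

tree=$(make_sample_tree)
check_boot_cfg "$tree" || echo "fix the tree before clients are pointed at it"
rm -rf "$tree"
```

On the PXE server from this walkthrough, the same function would be called as check_boot_cfg /var/lib/tftpboot/esxi60u1.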
For additional resources on scripted installation of ESXi also referred to as Kickstart, be sure to take a look here. I also would like to give a big shoutout and thanks to Tim Mann, one of the Engineers responsible for adding UEFI support into ESXi and for answering some of my questions while I was setting up my environment.
Dan (@Casper042) says
Hey William, there is some HP documentation we produced with similar info when Gen9 was released as Gen9 is all UEFI compatible.
http://h20566.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=7481826&docId=emr_na-c04565930&docLocale=en_US
Have a look at Page 18 as you can actually make your DHCP Server Dynamically provide the right Boot Filename in the DHCP OFFER based on an "Architecture" flag in the DHCP REQUEST.
So a single DHCP/PXE/TFTP box can support both BIOS and UEFI at the same time and make "game-time" decisions on which Boot Loader to use.
-Dan
William Lam says
Thanks for the comment and reference Dan, but I'm already doing that in the example I've provided 🙂
Anonymous says
Awesome! That means we can use BitLocker network unlock to protect VMs!
phiney says
you could change the sed line to
sed -i 's:/::g' ....
to make it more readable. all those slashes 🙁
other than that. thanks for the heads up
Tim Mann says
There's an official document on UEFI PXE boot now at https://www.vmware.com/resources/techresources/10508
adrian says
Hello
thanks for the info, you can use ipxe without dhcp?
telecastle says
William, so it's possible to run the ESXi installer via PXE boot. However, is it possible to actually PXE-boot ESXi itself?
William Lam says
Yes, this is exactly what the Auto Deploy feature does.
redoc says
The problem with VMware PXE approach (BIOS or UEFI) is that they think that they "own" the PXE server.
I like Serva approach better, where ESXi is just one more PXE asset to be deployed; from a simple menu available at the booting client, or automated if necessary.
see here:
http://www.vercot.com/~serva/an/NonWindowsPXE3.html
Adam says
I know this is a side track slightly from the subject but I get an error on Windows server 2016 - and it's suggested it's UEFI support that's not correct:
"Windows cannot be installed to this disk . The selected disk is of the GPT partition style."
Bruce says
Hi Bill, I try to change boot mode from legacy to UEFI boot for ESXi 6.0 u2. It looks fine though official doesn't support changing boot mode after installation. Is any potential issue to support the boot mode switch?
JungoPro says
Hi William. Great post. I'm interested to see if I can use Windows deployment server (WDS) as the PXE server. I already use it for Windows deployment and I want to use it for ESXi as well. Do you have the steps to configure WDS for ESXI UEFI?
William Lam says
I don't use WDS, so I can't comment on the steps. However, someone had recently shared this with me https://communities.vmware.com/message/2648236#2648236 and it seems like they've been successful in using WDS to deploy ESXi (UEFI mode)
JungoPro says
Thanks William. This was actually my post in the community trying to find a way to achieve it. I now have a working setup for my use case. I'm documenting the process and will share soon
JungoPro says
Hi William
If you're interested in the process, I documented it here - https://jungopro.com/2017/02/04/wds-and-esxi-deployment-efi-based/
UMESH says
Hi William, I was following your doc and it worked perfect when trying to boot all UEFI PXE servers with just ESXi. However, when we need to have multiple OS network installs to be done using PXE over UEFI, just having mboot.efi in the dhcpd.conf file won't help as it is always looking for boot.cfg file as per my understanding. So I obtained grubx64.efi from redhat 7, and created a menu entry for each OS that I need to install on a UEFI enabled server. Everything works fine except ESXi as I am not able to use the "chainload" option in grub.cfg to point to mboot.efi. Wondering if there is a way I can have this ESXi install using grub2 from redhat.
Abhiram Potluri says
Hi William, Is it possible to change the boot option from BIOS to UEFI in ovf template file? I've an OVF template with the following setting: . This works for ESX 5.5,6.5 and Vcenter 5.x but when I use vcenter 6.5 with the same ovf file to deploy, vcenter is switching to BIOS option (default).
Prakash Kumar says
Hi Abhiram, even I am facing the same issue, please let me know once you have a solution. Thanks in advance!!
Prakash Kumar says
It is a known issue in the vSphere 6.5 Web Client. Please click on the below link, VMware vSphere 6.5 Release Notes, for more details:
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/vsphere-esxi-vcenter-server-65-release-notes.html#vmissues
Workaround :- Deploy the OVF template with the EFI boot option using OvfTool, version 4.2.0.
Abhiram Potluri says
Hi Prakash, thank you for finding out about this. Really helpful.
Scooby says
Hi,
We've been using the https://www.ultimatedeployment.org appliance which is preconfigured for bios pxe of servers. With the templates built from csv type files one can auto create a menu where you choose the particular host you want to build at boot time: hostname, IPs and anything else you can automate with variables in a kickstart script. All via web gui. It's been great but unfortunately it doesn't support efi so we'll likely need to move to autodeploy as newer hosts aren't playing as nice with bios pxe.
There is a video overview here (he's deploying vms via ovftool here rather than choosing from the interactive pxe text menu.c32 at boot time like we normally would on physical servers - don't have to worry about mac addresses and overwriting a server accidentally; a timeout would just have the server boot normally) https://www.youtube.com/watch?v=BDroetc3qbI