Jump to Limitations of UEFI Syslinux - The Syslinux configuration file, syslinux.cfg, should be created in the same directory where you installed Syslinux. In our case, /boot/syslinux/ for BIOS systems and esp/EFI/syslinux/ for UEFI systems. Tip: Instead of LINUX, the keyword KERNEL can also be used.

Syslinux-efi is a great option for PXE booting a UEFI-mode client, but the current package is not signed and so cannot be used when secure-boot is enable. It would be very helpful if there was, say, a `syslinux- signed- efi` package similar to `linux- signed- generic`, etc. For what it's worth, System76 is working on switching all its products to UEFI, and this is one of the last blockers for our imaging system (we don't want customers to be confused/concerned about the 'booting in insecure mode' message). Mathieu: also, to clarify because I don't think my original description was clear enough: We want to have our firmware in UEFI mode with secure boot on by default, yet we want to avoid having to toggle secure boot off in order to image, the toggle it back on prior to shipping to the customer. The 'Booting in insecure mode message' I'm talking about is the result of having secure-boot turned off at the firmware level, nothing to do with the operating system. So for us, it would still be hugely helpful to have a signed EFI syslinux.

Well, part of the reason for using syslinux over grub is our imaging system still needs to support PXE booting legacy BIOS systems, and syslinux is what we've used historically for that. The other part is that back when I last tried using grub as a PXE bootloader, I wasn't able to get it working, although I haven't tried in a while. But we do have everything working with syslinux now, minus the signing. As far as whether we want it signed with a with Microsoft Key or Canonical Key, I'm not totally clear on the details there, but I think we want it signed with whatever key is currently used to sign the shim and the kernels. I was under the impression that the Canonical Key was signed by the same CA that the Microsoft Key is, and that's why you can still install Ubuntu on systems with secure boot enabled that originally shipped with Windows.

Mathieu: my goof. I thought the 'Booting in insecure mode' message was actually coming from the firmware, didn't realize it was coming from shim. We confirmed that the shim package in proposed indeed fixes this behaviour.

And this also unblocks us when it comes to having a signed syslinux. We're not necessarily super attached to shipping with secure boot enabled (although we would like the option). What we are attached to is shipping UEFI systems and not having the 'Booting in insecure mode' message cause customers needless concern and confusion. Thanks for clearing this up for me, even though it took a bit for it to sink in!:D.

LABEL - MENU LABEL Whatever you Like COM32 /boot/syslinux/chain.c32 APPEND boot ntldr=/BOOTMGR Transfer over all the contents of a Windows Vista based install CD/DVD (or the VistaRE CD). All files/folders from here should be in CAPS. Zhurnali orderi buhgaltersjkogo oblku blanki. Use a updated version of syslinux and chain.c32 (both can be found at syslinux package) as the ones in UBCD 5.0b12 are out of date and do not work.