Change defaults, add boot.ipxe for mac testing

boot.ipxe

@@ -0,0 +1,30 @@
+#!ipxe
+
+# ─── Network ────────────────────────────────────────────────────────────────
+dhcp || goto dhcp_failed
+
+# ─── Mac detection via SMBIOS manufacturer string ───────────────────────────
+# ${manufacturer} reads SMBIOS Type-1 "Manufacturer" field.
+# All Intel Macs report "Apple Inc." here.
+iseq ${manufacturer} Apple Inc. && goto mac
+
+# ─── Non-Mac boot ────────────────────────────────────────────────────────────
+chain http://${next-server}/default.ipxe || goto failed
+goto end
+
+# ─── Mac boot ────────────────────────────────────────────────────────────────
+:mac
+chain http://${next-server}/mac.ipxe || goto failed
+goto end
+
+# ─── Error handlers ──────────────────────────────────────────────────────────
+:dhcp_failed
+echo DHCP failed - no network
+sleep 5
+reboot
+
+:failed
+echo Chain failed - dropping to shell
+shell
+
+:end

build-mac.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+# =============================================================================
+# Mac-specific iPXE build shortcut
+#
+# Builds both the native tg3 EFI binary and an SNP fallback, with the
+# boot.ipxe script embedded in each.  Outputs to ./build/.
+#
+# Usage:
+#   ./build-mac.sh [--embed <script>]
+#
+# Options:
+#   -e, --embed <file>   Boot script to embed (default: boot.ipxe if it exists)
+#   -j, --jobs  <n>      Parallel jobs (default: nproc)
+#   -h, --help
+# =============================================================================
+set -euo pipefail
+
+SCRIPT_DIR="$(dirname "$0")"
+JOBS="$(nproc 2>/dev/null || sysctl -n hw.ncpu 2>/dev/null || echo 4)"
+EMBED=""
+
+# ── Colour helpers ────────────────────────────────────────────────────────────
+if [ -t 1 ]; then
+    C_BOLD='\033[1m'; C_GREEN='\033[0;32m'; C_CYAN='\033[0;36m'
+    C_YELLOW='\033[0;33m'; C_RED='\033[0;31m'; C_RESET='\033[0m'
+else
+    C_BOLD=''; C_GREEN=''; C_CYAN=''; C_YELLOW=''; C_RED=''; C_RESET=''
+fi
+info()  { echo -e "${C_CYAN}▶${C_RESET} $*"; }
+ok()    { echo -e "${C_GREEN}✔${C_RESET} $*"; }
+die()   { echo -e "${C_RED}✘${C_RESET} $*" >&2; exit 1; }
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        -e|--embed) EMBED="$2"; shift 2 ;;
+        -j|--jobs)  JOBS="$2";  shift 2 ;;
+        -h|--help)  sed -n '3,12p' "$0" | sed 's/^# \{0,1\}//'; exit 0 ;;
+        *) die "Unknown option: $1" ;;
+    esac
+done
+
+# Default embed: boot.ipxe in repo root if present
+if [[ -z "$EMBED" && -f "$SCRIPT_DIR/boot.ipxe" ]]; then
+    EMBED="$SCRIPT_DIR/boot.ipxe"
+    info "Auto-detected embed script: $EMBED"
+fi
+
+EMBED_OPT=""
+[[ -n "$EMBED" ]] && EMBED_OPT="--embed $EMBED"
+
+# ── Build matrix ──────────────────────────────────────────────────────────────
+#
+#  ipxe-x64.efi   — full iPXE with native tg3 driver (preferred for Intel Macs)
+#  snponly-x64.efi — SNP-only fallback (for Macs where tg3 probe fails)
+#
+echo -e "${C_BOLD}Mac iPXE build${C_RESET}"
+echo ""
+
+info "1/2  Native tg3 EFI binary (efi-x64)…"
+bash "$SCRIPT_DIR/build.sh" -p efi-x64 -j "$JOBS" $EMBED_OPT
+echo ""
+
+info "2/2  SNP fallback binary (snp-x64)…"
+bash "$SCRIPT_DIR/build.sh" -p snp-x64 -j "$JOBS" $EMBED_OPT
+echo ""
+
+# ── Summary ───────────────────────────────────────────────────────────────────
+BUILD_DIR="$SCRIPT_DIR/build"
+echo -e "${C_BOLD}Output files:${C_RESET}"
+for f in "$BUILD_DIR"/*.efi; do
+    size=$(du -h "$f" | cut -f1)
+    ok "  $size  $(basename "$f")"
+done
+
+echo ""
+echo -e "${C_BOLD}Usage on Mac:${C_RESET}"
+echo "  1. Copy ipxe-x64.efi to USB as /EFI/BOOT/BOOTX64.EFI"
+echo "  2. Boot Mac, hold Option key, select USB"
+echo "  3. If NIC not found, repeat with snponly-x64.efi"

build.sh

@@ -0,0 +1,121 @@
+#!/usr/bin/env bash
+# =============================================================================
+# iPXE build script
+#
+# Usage:
+#   ./build.sh [OPTIONS]
+#
+# Options:
+#   -p, --platform <name>   Platform to build (default: efi-x64)
+#   -e, --embed    <file>   iPXE script to embed (default: none)
+#   -o, --output   <dir>    Output directory (default: ./build)
+#   -j, --jobs     <n>      Parallel jobs (default: nproc)
+#   -h, --help              Show this help
+#
+# Platforms:
+#   efi-x64     x86-64 UEFI EFI application  [bin-x86_64-efi/ipxe.efi]
+#   efi-ia32    32-bit UEFI EFI application   [bin-i386-efi/ipxe.efi]
+#   efi-arm64   AArch64 UEFI EFI application  [bin-arm64-efi/ipxe.efi]
+#   snp-x64     x86-64 SNP-only EFI binary    [bin-x86_64-efi/snponly.efi]
+#   bios        x86 legacy BIOS PXE           [bin/undionly.kpxe]
+#
+# Examples:
+#   ./build.sh
+#   ./build.sh -p efi-x64 -e boot.ipxe
+#   ./build.sh -p bios -o ./out
+#   ./build.sh -p efi-x64 -e boot.ipxe -j 8
+# =============================================================================
+set -euo pipefail
+
+# ── Defaults ─────────────────────────────────────────────────────────────────
+PLATFORM="efi-x64"
+EMBED=""
+OUTPUT_DIR="$(dirname "$0")/build"
+JOBS="$(nproc 2>/dev/null || sysctl -n hw.ncpu 2>/dev/null || echo 4)"
+SRC_DIR="$(dirname "$0")/src"
+
+# ── Colour helpers ────────────────────────────────────────────────────────────
+if [ -t 1 ]; then
+    C_BOLD='\033[1m'; C_GREEN='\033[0;32m'; C_CYAN='\033[0;36m'
+    C_YELLOW='\033[0;33m'; C_RED='\033[0;31m'; C_RESET='\033[0m'
+else
+    C_BOLD=''; C_GREEN=''; C_CYAN=''; C_YELLOW=''; C_RED=''; C_RESET=''
+fi
+
+info()  { echo -e "${C_CYAN}▶${C_RESET} $*"; }
+ok()    { echo -e "${C_GREEN}✔${C_RESET} $*"; }
+warn()  { echo -e "${C_YELLOW}⚠${C_RESET} $*"; }
+die()   { echo -e "${C_RED}✘${C_RESET} $*" >&2; exit 1; }
+
+# ── Argument parsing ──────────────────────────────────────────────────────────
+usage() {
+    sed -n '3,20p' "$0" | sed 's/^# \{0,1\}//'
+    exit 0
+}
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        -p|--platform) PLATFORM="$2"; shift 2 ;;
+        -e|--embed)    EMBED="$2";    shift 2 ;;
+        -o|--output)   OUTPUT_DIR="$2"; shift 2 ;;
+        -j|--jobs)     JOBS="$2";     shift 2 ;;
+        -h|--help)     usage ;;
+        *) die "Unknown option: $1" ;;
+    esac
+done
+
+# ── Platform → make target ────────────────────────────────────────────────────
+case "$PLATFORM" in
+    efi-x64)   MAKE_TARGET="bin-x86_64-efi/ipxe.efi";    OUTPUT_NAME="ipxe-x64.efi"   ;;
+    efi-ia32)  MAKE_TARGET="bin-i386-efi/ipxe.efi";      OUTPUT_NAME="ipxe-ia32.efi"  ;;
+    efi-arm64) MAKE_TARGET="bin-arm64-efi/ipxe.efi";     OUTPUT_NAME="ipxe-arm64.efi" ;;
+    snp-x64)   MAKE_TARGET="bin-x86_64-efi/snponly.efi"; OUTPUT_NAME="snponly-x64.efi";;
+    bios)      MAKE_TARGET="bin/undionly.kpxe";           OUTPUT_NAME="undionly.kpxe"  ;;
+    *) die "Unknown platform: '$PLATFORM'. Run with --help for valid platforms." ;;
+esac
+
+# ── Validate inputs ───────────────────────────────────────────────────────────
+[[ -d "$SRC_DIR" ]] || die "src/ directory not found at $SRC_DIR"
+
+EMBED_ARG=""
+if [[ -n "$EMBED" ]]; then
+    # Resolve relative to repo root, not src/
+    EMBED_ABS="$(realpath "$EMBED" 2>/dev/null)" || die "Embed script not found: $EMBED"
+    [[ -f "$EMBED_ABS" ]] || die "Embed script not found: $EMBED"
+    EMBED_ARG="EMBED=$EMBED_ABS"
+    info "Embed script: $EMBED_ABS"
+fi
+
+# ── Build ─────────────────────────────────────────────────────────────────────
+mkdir -p "$OUTPUT_DIR"
+
+echo -e "${C_BOLD}Platform:${C_RESET} $PLATFORM  →  $MAKE_TARGET"
+echo -e "${C_BOLD}Jobs:${C_RESET}     $JOBS"
+echo -e "${C_BOLD}Output:${C_RESET}   $OUTPUT_DIR/$OUTPUT_NAME"
+echo ""
+
+info "Starting build…"
+
+make -C "$SRC_DIR" \
+    "$MAKE_TARGET"  \
+    $EMBED_ARG      \
+    -j "$JOBS"
+
+# ── Copy output ───────────────────────────────────────────────────────────────
+BUILT_BIN="$SRC_DIR/$MAKE_TARGET"
+[[ -f "$BUILT_BIN" ]] || die "Build succeeded but output not found: $BUILT_BIN"
+
+cp "$BUILT_BIN" "$OUTPUT_DIR/$OUTPUT_NAME"
+
+# Also write a sidecar with build info
+cat > "$OUTPUT_DIR/$OUTPUT_NAME.info" <<EOF
+platform=$PLATFORM
+target=$MAKE_TARGET
+embed=${EMBED:-none}
+built=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+git=$(git -C "$(dirname "$0")" describe --always --dirty 2>/dev/null || echo unknown)
+EOF
+
+echo ""
+ok "Built:  $OUTPUT_DIR/$OUTPUT_NAME"
+ok "Info:   $OUTPUT_DIR/$OUTPUT_NAME.info"

src/config/general.h

@@ -43,9 +43,9 @@ FILE_SECBOOT ( PERMITTED );
 #define DOWNLOAD_PROTO_TFTP	/* Trivial File Transfer Protocol */
 #define DOWNLOAD_PROTO_HTTP	/* Hypertext Transfer Protocol */
 #define DOWNLOAD_PROTO_HTTPS	/* Secure Hypertext Transfer Protocol */
-//#define DOWNLOAD_PROTO_FTP	/* File Transfer Protocol */
+#define DOWNLOAD_PROTO_FTP	/* File Transfer Protocol */
 //#define DOWNLOAD_PROTO_SLAM	/* Scalable Local Area Multicast */
-//#define DOWNLOAD_PROTO_NFS	/* Network File System Protocol */
+#define DOWNLOAD_PROTO_NFS	/* Network File System Protocol */
 
 /* Protocols supported only on platforms with filesystem abstractions */
 #if defined ( PLATFORM_efi )
@@ -101,7 +101,7 @@ FILE_SECBOOT ( PERMITTED );
 #define IMAGE_ARCHIVE_CMD	/* Archive image management commands */
 //#define IMAGE_CRYPT_CMD	/* Image encryption management commands */
 //#define IMAGE_MEM_CMD		/* Read memory command */
-//#define IMAGE_TRUST_CMD	/* Image trust management commands */
+#define IMAGE_TRUST_CMD	/* Image trust management commands */
 #define IPSTAT_CMD		/* IP statistics commands */
 #define IWMGMT_CMD		/* Wireless interface management commands */
 #define LOGIN_CMD		/* Login command */
@@ -182,8 +182,9 @@ FILE_SECBOOT ( PERMITTED );
 
 /* Image types supported only on EFI platforms */
 #if defined ( PLATFORM_efi )
-  #define IMAGE_EFI		/* EFI image support */
-  #define IMAGE_EFISIG		/* EFI signature list image support */
+  #define IMAGE_EFI		   /* EFI image support */
+  #define IMAGE_EFISIG	 /* EFI signature list image support */
+  #define IMAGE_LINUX    /* Linux kernel via EFI stub */
 #endif
 
 /* Image types supported only on RISC-V SBI platforms */