From c2424458b92b14d89ea0ea7e18a614ded9bbda8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr>
Date: Thu, 16 May 2024 12:08:29 +0200
Subject: [PATCH] docs/cosa/run: Add PXE with Shim and UEFI Secure Boot example

Fixes: https://github.com/coreos/coreos-assembler/issues/3804
---
 docs/cosa/run.md | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/docs/cosa/run.md b/docs/cosa/run.md
index 729b8bc336..b6172eb104 100644
--- a/docs/cosa/run.md
+++ b/docs/cosa/run.md
@@ -285,3 +285,35 @@ And point to it and the `core.0` binary:
 ```
 $ cosa run -c --netboot-dir tmp/grub-netboot --netboot boot/grub2/i386-pc/core.0 -m 4096
 ```
+
+### GRUB (Secure Boot)
+
+1. Download a kernel, initramfs, rootfs, shim and GRUB binary
+3. Create an empty disk image (bug in kola): `touch disk.img`
+4. Setup `grub.cfg`
+5. Netboot the result. Be patient as TFTP is slow.
+
+```
+$ tree pxe
+pxe
+├── disk.img
+├── grub.cfg
+├── grubx64.efi
+├── rhcos-4.14.0-x86_64-live-combined.x86_64.img
+├── rhcos-4.14.0-x86_64-live-initramfs.x86_64.img
+├── rhcos-4.14.0-x86_64-live-kernel-x86_64
+├── rhcos-4.14.0-x86_64-live-rootfs.x86_64.img
+└── shim.efi
+
+$ cat pxe/grub.cfg
+default=0
+timeout=1
+menuentry "CoreOS (BIOS/UEFI)" {
+        echo "Loading kernel"
+        linux /rhcos-4.14.0-x86_64-live-kernel-x86_64 ignition.firstboot ignition.platform.id=metal console=ttyS0 ignition.config.url=<URL>
+        echo "Loading initrd + rootfs"
+        initrd rhcos-4.14.0-x86_64-live-initramfs.x86_64.img rhcos-4.14.0-x86_64-live-rootfs.x86_64.img
+}
+
+$ cosa run -c --netboot pxe/shim.efi -m 4096 --qemu-firmware uefi-secure --qemu-image pxe/disk.img
+```