How to boot BCVE encrypted system from the network

BCVE boot with two-factor authentication

In two-factor authentication mode BCVE transfers encryption keys to external location and erases them locally. Thus it needs an external boot loader to boot with encryption keys. BCVE uses Syslinux family of boot loaders for this purpose.

Syslinux family support booting from USB flash, network (PXE), CD/DVD media. BCVE creates universal boot file capable of booting from all the sources above. It also makes ready to use bootable USB flash disks and CD/DVD disk images. Unlike them, the network boot environment for BCVE has to be configured manually.

Preparing the environment

In order to boot computer from the network you need to configure appropriate network environment. Detailed description of setup and configuration can be found at the Syslinux site.

Configuring BCVE for boot from the network

  1. Get your computer's MAC address:
  2. Create BCVE boot file BootImage.bin
  3. Download PXELinux package.
  4. Unpack into the root of your TFTP server
  5. Copy pxelinux.cfg/01-aa-bb-cc-dd-ee-ff file and replace 'aa-bb-cc-dd-ee-ff' with your physical address
  6. Create unique directory for boot file; we recommend to use your physical address as the directory name
  7. Copy the Bootimage.bin boot file to the newly created folder
  8. Open the newly created configuration file and correct the path to the Bootimage.bin file
  9. Set following options in your DHCP server:
  10. Boot your computer from the network