Add Secure Boot for Satellite and RHEL

guides/common/assembly_using-pxe-to-provision-hosts.adoc

@@ -11,7 +11,6 @@ include::modules/proc_creating-hosts-with-pxeless-provisioning.adoc[leveloffset=
 
 include::modules/proc_creating-hosts-with-uefi-http-boot-provisioning.adoc[leveloffset=+1]
 
-ifndef::satellite[]
 :extract_deb_prefix: cd /tmp && ar x /tmp
 :extract_deb_xz_suffix: && tar -xf data.tar.xz && cd -
 :extract_deb_zst_suffix: && tar --use-compress-program=unzstd -xf data.tar.zst && cd -
@@ -21,6 +20,7 @@ ifndef::satellite[]
 :parent-client-pkg-ext: {client-pkg-ext}
 :secureboot-os-name: My_Operating_System_In_Lowercase
 
+ifndef::satellite[]
 :client-os-context: almalinux
 :client-os: AlmaLinux
 :client-pkg-ext: rpm
@@ -65,7 +65,24 @@ include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-h
 :extract_grub: {extract_rpm_prefix}/{grub_efi_downloaded_package_name} {extract_rpm_suffix}
 :extract_shim: {extract_rpm_prefix}/{shim_efi_downloaded_package_name} {extract_rpm_suffix}
 include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-hosts.adoc[leveloffset=+1]
+endif::[]
 
+:client-os-context: rhel
+:client-os: {RHEL}
+:client-pkg-ext: rpm
+:grub_efi_download_url: https://access.redhat.com/downloads/content/package-browser[Package browser] on the Red{nbsp}Hat Customer Portal
+:grub_efi_downloaded_package_name: grub2-efi-x64.rpm
+:grub_efi_package_name: grub2-efi-x64
+:grub_efi_tmp_binary_path: /tmp/boot/efi/EFI/{client-os-context}/grubx64.efi
+:shim_efi_download_url: https://access.redhat.com/downloads/content/package-browser[Package browser] on the Red{nbsp}Hat Customer Portal
+:shim_efi_downloaded_package_name: shim-x64.rpm
+:shim_efi_package_name: shim-x64
+:shim_efi_tmp_binary_path: /tmp/boot/efi/EFI/{client-os-context}/shimx64.efi
+:extract_grub: {extract_rpm_prefix}/{grub_efi_downloaded_package_name} {extract_rpm_suffix}
+:extract_shim: {extract_rpm_prefix}/{shim_efi_downloaded_package_name} {extract_rpm_suffix}
+include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-hosts.adoc[leveloffset=+1]
+
+ifndef::satellite[]
 :client-os-context: ubuntu
 :client-os: Ubuntu
 :client-pkg-ext: deb
@@ -80,6 +97,7 @@ include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-h
 :extract_grub: {extract_deb_prefix}/{grub_efi_downloaded_package_name} {extract_deb_zst_suffix}
 :extract_shim: {extract_deb_prefix}/{shim_efi_downloaded_package_name} {extract_deb_xz_suffix}
 include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-hosts.adoc[leveloffset=+1]
+endif::[]
 
 // reset global attributes
 :client-os: {parent-client-os}
@@ -103,7 +121,6 @@ include::modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-h
 :!shim_efi_downloaded_package_name:
 :!shim_efi_package_name:
 :!shim_efi_tmp_binary_path:
-endif::[]
 
 include::modules/proc_deploying-ssh-keys-during-provisioning.adoc[leveloffset=+1]
 :!using-pxe-to-provision-hosts:

guides/common/modules/con_using-pxe-to-provision-hosts.adoc

@@ -43,22 +43,23 @@ In {Project} provisioning, the PXE loader option defines the DHCP `filename` opt
 * For BIOS systems, select the *PXELinux BIOS* option to enable a provisioned host to download the `pxelinux.0` file over TFTP.
 * For UEFI systems, select the *Grub2 UEFI* option to enable a TFTP client to download `grubx64.efi` file, or select the *Grub2 UEFI HTTP* option to enable an UEFI HTTP client to download `grubx64.efi` with the HTTP Boot feature.
 
-ifndef::satellite[]
 {ProjectName} supports UEFI Secure Boot.
 SecureBoot PXE loaders enable a client to download the `shim.efi` bootstrap boot loader that then loads the signed `grubx64.efi`.
 Use the *Grub2 UEFI SecureBoot* PXE loader for PXE-boot provisioning or *Grub2 UEFI HTTPS SecureBoot* for HTTP-boot provisioning.
 
 By default, you can provision operating systems from the vendor of the operating system of your {ProjectServer} on Secure Boot enabled hosts.
 To provision operating systems on Secure Boot enabled hosts from different vendors, you have to provide signed shim and GRUB2 binaries provided by the vendor of your operating system.
-ifndef::orcharhino[]
+ifdef::satellite[]
+For more information, see xref:configuring-{smart-proxy-context}-to-provision-rhel-on-Secure-Boot-enabled-hosts[].
+endif::[]
+ifndef::orcharhino,satellite[]
 For more information, see:
 
 * xref:configuring-{smart-proxy-context}-to-provision-almalinux-on-Secure-Boot-enabled-hosts[]
 * xref:configuring-{smart-proxy-context}-to-provision-debian-on-Secure-Boot-enabled-hosts[]
 * xref:configuring-{smart-proxy-context}-to-provision-rocky-on-Secure-Boot-enabled-hosts[]
 * xref:configuring-{smart-proxy-context}-to-provision-ubuntu-on-Secure-Boot-enabled-hosts[]
 endif::[]
-endif::[]
 
 ifdef::satellite[]
 For more information about supported workflows, see https://access.redhat.com/solutions/2674001[Supported architectures and provisioning scenarios].

guides/common/modules/proc_configuring-smart-proxy-to-provision-secure-boot-enabled-hosts.adoc

@@ -11,7 +11,12 @@ To provision {client-os} on Secure Boot enabled hosts with the *Grub2 UEFI Secur
 You have to perform the following configuration steps on each TFTP {SmartProxy} for a subnet to provision Secure Boot enabled hosts on that subnet.
 ====
 
+ifdef::satellite[]
+{client-os} supports Secure Boot on x86_64 architecture only.
+endif::[]
+ifndef::satellite[]
 The following example works for {client-os} on x86_64 architecture.
+endif::[]
 
 .Prerequisites
 ifeval::["{client-os}" == "Debian"]