We use Dnsmasq to relay the network boot service (PXE and uEFI network boot). For PXE, pxelinux.0 works. However, with uEFI, if secure boot is enabled, it fails. This is due to this issue: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q1/thread.html#11125
Dnsmasq won't be able to relay the tftp service for the uEFI netboot client. When we disable secure boot and use the following command to create a grubx64.efi by embedding the tftp server, for example:
grub-mkimage -C xz -O x86_64-efi -o /tftpboot/nbi_img/bootx64.efi --prefix='(tftp)/grub-efi.cfg/' -c /tmp/grub-efi.tmp/grub-header.cfg normal tftp efinet chain echo net gzio xzio linux efi_gop efi_uga png gfxterm gfxterm_background gfxterm_menu serial part_gpt part_msdos boot multiboot progress search ext2 xfs reiserfs jfs hfsplus fat ntfs configfile test sleep tr reboot halt
The contents of /tmp/grub-efi.tmp/grub-header.cfg:
*****************************************************.
set prefix=(tftp,192.168.120.12)/grub-efi.cfg
echo "Grub CPU and platform: $grub_cpu, $grub_platform"
echo 'Network status: '
net_ls_cards
net_ls_addr
net_ls_routes
[snipped]
*****************************************************.
Then the uEFI netboot client is able to get the required files (e.g. grubx64.efi and unicode.pf2) from the tftp server 192.168.120.12.
How can we do a similar thing for shim if it's signed? Is it possible to pass the tftp server to shim without recompiling and signing it?
Thank you very much.