HeadlinesBriefing.com

Booting UEFI over HTTPS with QEMU and OVMF

Hacker News

Historically, PXE has dominated network booting; it relies on DHCP and clear-text TFTP, which complicates both configuration and security. Modern UEFI firmware also supports HTTP(S) boot, letting machines fetch their boot loader over a TLS-encrypted connection. The author demonstrates this on Ubuntu 26.04 with QEMU 1:10.2.1+ds-1ubuntu3 and OVMF 2025.11-3ubuntu7, pulling the netboot.xyz snponly EFI binary from its official site. The approach needs no separate DHCP or TFTP servers and reuses the existing TLS infrastructure.

The first attempt fails because OVMF's network stack depends on a random-number-generator device; without one the boot manager reports no bootable option. Adding a virtio-rng PCI device (or enabling the host CPU's RNG) satisfies the EFI RNG protocol dependency declared in NetworkPkg's Depex. The fix also shows that the firmware's driver dependency graph can be inspected with DEBUG_DISPATCH flags. Once the RNG is present, HTTP boot proceeds.

A refined QEMU command disables legacy PXE through firmware-config flags and adds the RNG device, cutting the boot sequence to about five seconds. The command passes -fw_cfg settings that set IPv4PXESupport and IPv6PXESupport to "no" and points the NIC's bootfile at the netboot.xyz URL. The same UEFI variables can be pre-set on physical hardware, making the method portable beyond emulation.
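The following script is an added example, not the author's command line or anything from the QEMU, OVMF or netboot.xyz projects. It assembles a QEMU invocation that covers both points above: the virtio-rng device that satisfies the EFI RNG dependency, and the fw_cfg knobs that turn off legacy PXE so the firmware goes straight to HTTP boot. The OVMF firmware paths, the memory size, the q35 machine type and the netboot.xyz URL are assumptions chosen to match a stock Ubuntu install; the fw_cfg names `opt/org.tianocore/IPv4PXESupport` and `opt/org.tianocore/IPv6PXESupport` are the ones OVMF reads for those two settings.

```shell
#!/bin/sh
# Added example: build (and optionally run) a QEMU command for UEFI HTTP(S)
# boot through OVMF. Paths and the boot URL below are assumptions, not values
# taken from the page.
set -u

OVMF_CODE="${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE_4M.fd}"   # assumed Ubuntu path
OVMF_VARS="${OVMF_VARS:-/usr/share/OVMF/OVMF_VARS_4M.fd}"   # assumed Ubuntu path (template)
BOOT_URL="${BOOT_URL:-https://boot.netboot.xyz/ipxe/netboot.xyz-snponly.efi}"  # assumed URL

# Print the QEMU argument list one argument per line. Keeping it in a function
# lets the list be inspected or checked without starting a VM.
#   -device virtio-rng-pci      satisfies the EFI RNG protocol NetworkPkg depends on
#   -fw_cfg ...PXESupport=no    tells OVMF not to create legacy PXE boot options
#   -netdev user,bootfile=URL   hands the URL to the firmware as the DHCP boot file
# To capture OVMF's DEBUG output (where DEBUG_DISPATCH messages appear in a
# debug build of the firmware) add:
#   -debugcon file:ovmf.log -global isa-debugcon.iobase=0x402
qemu_http_boot_args() {
    url="$1"
    printf '%s\n' \
        -machine q35 \
        -m 2048 \
        -drive "if=pflash,format=raw,readonly=on,file=$OVMF_CODE" \
        -drive "if=pflash,format=raw,file=$OVMF_VARS" \
        -device virtio-rng-pci \
        -fw_cfg name=opt/org.tianocore/IPv4PXESupport,string=no \
        -fw_cfg name=opt/org.tianocore/IPv6PXESupport,string=no \
        -netdev "user,id=net0,bootfile=$url" \
        -device virtio-net-pci,netdev=net0 \
        -nographic
}

# Sanity check on a generated argument list: prints "yes" only when both the
# IPv4 and IPv6 PXE knobs are set to "no", otherwise "no".
pxe_disabled() {
    args="$1"
    if printf '%s\n' "$args" | grep -q 'IPv4PXESupport,string=no' &&
       printf '%s\n' "$args" | grep -q 'IPv6PXESupport,string=no'; then
        echo yes
    else
        echo no
    fi
}

# Launch the VM only when invoked as "sh httpboot.sh run" and QEMU is installed.
# The distro's OVMF_VARS template is copied first so the firmware can write
# its variable store without touching the original file.
if [ "${1:-}" = run ] && command -v qemu-system-x86_64 >/dev/null 2>&1; then
    VARS_COPY="${TMPDIR:-/tmp}/ovmf_vars_httpboot.fd"
    [ -f "$VARS_COPY" ] || cp "$OVMF_VARS" "$VARS_COPY"
    OVMF_VARS="$VARS_COPY"
    # Arguments contain no spaces or glob characters, so word splitting is safe here.
    set -- $(qemu_http_boot_args "$BOOT_URL")
    exec qemu-system-x86_64 "$@"
fi
```

Run it as `sh httpboot.sh run`; OVMF's console output appears on the terminal because of `-nographic`. With an `https://` URL the firmware must be able to validate the server certificate: OVMF takes its CA bundle from the `etc/edk2/https/cacerts` fw_cfg file (an OVMF feature the page does not cover), so if the TLS handshake fails, check that a CA bundle was supplied before suspecting the network path.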