PXE Secure Exam Browser Setup

I need a complete, hands-off PXE boot workflow that brings any machine—Windows or Linux—directly into a locked-down browser session pointed at [login to view URL] Scope • Build or provide a lightweight boot image (iPXE, TinyCore, custom initrd, etc.) that loads over DHCP/TFTP, then launches a hardened browser in kiosk mode. • The browser must enforce maximum security: full-disk RAM-based encryption, no local storage persistence, disabled developer tools, copy/paste blocked, and multi-factor authentication when the page requests it (e.g., FIDO2 or OTP prompt must pass through cleanly). • All network traffic must tunnel through TLS 1.3; any non-HTTPS calls should be dropped by default iptables/Windows firewall rules baked into the image. • The solution has to boot reliably across mixed firmware (BIOS + UEFI) and on both legacy PXE and iPXE chains, so students don’t have to change anything in their BIOS. • Provide a simple way for me to update the browser or certificates without regenerating the entire image. Deliverables & sign-off criteria – Bootable PXE image and menu entry tested on at least one Windows laptop and one Linux desktop. – Step-by-step deployment notes (DHCP options, TFTP folder tree, firewall ports, upgrade procedure). – Demonstration video or screenshots showing the kiosk browser auto-launching, authenticating with MFA, and preventing exit to the underlying OS. When you reply, focus on relevant experience rolling out secure PXE or thin-client solutions; that’s the main thing I’ll review.

Project ID: 39718112