pfSense

PXE had an epic run, but it's deprecation has been planned by major silicon vendors and UEFI HTTPS boot is the replacement. The pfsense UI and dhcpd config only need to be modified slightly to enable support along side the existing PXE options - as that's likely to continue to be used for the next few years.

We essentially need a stanza in the dhcp config to match HTTPClient (60) and pass (67) filename of the NBP via http/https. So it's similar to PXE except there's no dependency on TFTP and can work with things like secure boot and leverage certificates loaded in the firmware. Looks like a user has previously played with this but I can't find an issue filed for it. https://forum.netgate.com/topic/131851/how-to-configure-dhcp-for-httpclient

class "httpclients" {
        option vendor-class-identifier "HTTPClient";
        match if substring (option vendor-class-identifier, 0, 10) = "HTTPClient";
            filename "http://mywebserverip/boot/grub/x86_64-efi/core.efi";
      }

for reference:
UEFI HTTPS boot background info: https://edk2-docs.gitbook.io/getting-started-with-uefi-https-boot-on-edk-ii/introduction
Suse's "how to" docs: https://en.opensuse.org/UEFI_HTTPBoot_Server_Setup