A method for authenticating clients and boot server hosts to provide a
secure network boot environment. Messages are exchanged between a client
and a boot server or authentication server proxy for the boot server
during pre-boot operations of the client to authenticate the boot server and
the client. In one embodiment, authentication is performed by comparing
shared secrets stored on each of the client and the boot server or
authentication proxy. The shared secret comprises authentication
credentials that may be provisioned by an administrator, user, or by the
client itself via a trusted platform module. Authentication provisioning
schemes include an Extensible Authentication Protocol (EAP) exchange. In
one embodiment, authentication is performed during pre-boot via an
authenticated Dynamic Host Configuration Protocol (DHCP) process. The
scheme provides a faster and simpler authentication mechanism,
without requiring extensive set-up for IT administrators or significantly
changing the login and OS boot user experience.