Urm - so ...
"Nominally yes" -- the PXE boot menu *CAN* be customised.
But since this is just a "boot & nuke" option, I'd argue it'd be better / safer to keep this as a public/anonymous script option in the PXE boot menu (if that's all you're doing). No point in re-inventing the wheel, and editing the PXE boot menu is something that isn't too hard to get wrong.
I would generally advise against a "straight up" PXE option that results in a wiped device purely on account of "never underestimate the levels of stupid from some users" ... so having that "WIPE the device" option being behind a key set of people / credentials tends to lower blood pressure and stress. Because it will be your fault (somehow) even though users clicked on things that they weren't supposed to .
But - again - if you do want to have this thing, while you CAN customise the PXE boot menu, I don't see any real reason to, unless the DBAN stuff does things beyond what a bit of googling seemed to indicate (which seems to be just a "wipe the HD" ... which you can already do via provisioning actions anyway).
Thank you for your response.
Could you explain how to add "as a public/anonymous script option in the PXE boot menu" ?
Well - you need to be on IEM 2016.x or newer (just noticed you're on 9.6).
Given then 9.6 is going EOL soon, you may want to look at up-lifting that anyway.
All the rest is explained here -- How to allow anonymous login public templates .
Thank you I'll try that after our 9.6 to IEM upgrade