Hybrid boot for system reimaging

What is claimed: 1 . A mobile device comprising: a processor; and a memory device that stores program code structured to cause the processor to: provide, to a target device, a boot file configured to execute an intermediate operating system; obtain key derivation data from the intermediate operating system; generate, based on an encryption key derived from the key derivation data, transfer information associated with at least a first restricted-access portion of a customized system image; and provide, to the intermediate operating system, the transfer information to cause the intermediate operating system to obtain the first restricted-access portion of the customized system image and reimage the target device based at least on the first restricted-access portion of the customized system image. 2 . The mobile device of claim 1 , wherein, to provide the boot file to the target device, the program code is further structured to cause the processor to perform at least one of: host a boot server to serve the boot file based on a file transfer protocol; transfer the boot file to a storage device connectable to the target device; or provide location information identifying a download source for the boot file. 3 . The mobile device of claim 1 , wherein the program code is further structured to cause the processor to: determine, based on a user presence check, that the target device is in proximity to the mobile device, wherein the key derivation data is obtained from the intermediate operating system during the user presence check. 4 . The mobile device of claim 1 , wherein, to obtain the key derivation data from the intermediate operating system, the program code is further structured to cause the processor to perform at least one of: scan an image encoded the key derivation data and displayed, by the intermediate operating system, on a display associated with the target device; receive the key derivation data over a personal area network (PAN); detect an audio signal encoded with the key derivation data; or receive user input of the key derivation data, the key derivation data displayed, by the intermediate operating system, on a display associated with the target device. 5 . The mobile device of claim 1 , wherein the program code is further structured to cause the processor to: authenticate a user; and request security information, the security information enabling authenticated access of the first restricted-access portion of the customized system image at a system image server, wherein the transfer information comprises location information associated with the system image server and the security information. 6 . The mobile device of claim 5 , wherein, to generate the transfer information, the program code is structured to cause the processor to: encrypt at least the security information based on the encryption key derived from the key derivation data, wherein said provide, to the intermediate operating system, the transfer information further causes the intermediate operating system to decrypt, based on a decryption key derived from the key derivation data, the transfer information to obtain the security information, and download the first restricted-access portion of the customized system image based at least on the security information. 7 . The mobile device of claim 5 , wherein the customized system image comprises at least one of: a system image customized for the authenticated user; a system image customized for a group or role associated with the authenticated user; a system image that includes a set of applications specific to the authenticated user; a system image that includes a set of applications specific for a group or role associated with the authenticated user; a system image that incorporates user settings for a group or role associated with the authenticated user; or a system image that incorporates user preferences associated with the authenticated user. 8 . The mobile device of claim 1 , wherein said provide, to the intermediate operating system, transfer information further causes the intermediate operating system to: download, from a publicly accessible source, a second publicly accessible portion of the customized system image, the second publicly accessible portion of the customized system image comprising a base system image. 9 . A method comprising: providing, by a mobile device, a boot file to a target device, the boot file configured execute an intermediate operating system on the target device; obtaining, by the mobile device, key derivation data from the intermediate operating system; generating, based on an encryption key derived from the key derivation data, transfer information associated with at least a first restricted-access portion of a customized system image; and providing, to the intermediate operating system, the transfer information to cause the intermediate operating system to obtain the first restricted-access portion of the customized system image and reimage the target device based at least on the first restricted-access portion of the customized system image. 10 . The method of claim 9 , wherein said providing, by the mobile device, the boot file to the target device comprises at least one of: hosting, by the mobile device, a boot server to serve the boot file over a network; transferring, by the mobile device, the boot file to a storage device connectable to the target device; or providing, by the mobile device, location information identifying a download source for the boot file. 11 . The method of claim 9 , further comprising: determining, based on a user presence check, that the target device is in proximity to the mobile device, wherein the key derivation data is obtained from the intermediate operating system during the user presence check. 12 . The method of claim 9 , wherein said obtaining, by the mobile device, key derivation data from the intermediate operating system comprises at least one of: scanning an image encoded with the key derivation data and displayed, by the intermediate operating system, on a display associated with the target device; receiving the key derivation data over a personal area network (PAN); detecting an audio signal encoded with the key derivation data; or receiving user input of the key derivation data, the key derivation data displayed, by the intermediate operating system, on the display associated with the target device. 13 . The method of claim 9 , further comprising: authenticating, by the mobile device, a user; and requesting, by the mobile device, security information, the security information enabling authenticated access of the first restricted-access portion of the customized system image at a system image server, wherein the transfer information comprises location information associated with the system image server and the security information. 14 . The method of claim 9 , wherein said providing, to the intermediate operating system, transfer information further causes the intermediate operating system to: download, from a publicly accessible source, a second publicly accessible portion of the customized system image, the second publicly accessible portion of the customized system image comprising a base system image. 15 . A computer-readable storage medium comprising computer-executable instructions that, when executed by a processor of a mobile device, cause the processor to: provide, to a target device, a boot file configured to execute an intermediate operating system; obtain key derivation data from the intermediate operatin