No iPXE SecureBoot is certainly hurting us right now.
All of our machines have SecureBoot enabled. Unfortunately, you can only disable that from the BIOS console of the system itself. PXE UEFI SecureBoot doesn't exist. Our campus is closed. Has anyone devised a workaround?
Answers (3)
You install the Software (either Windows or if it's a KBE, you install it into the KBE (WinPE) (Read the KACE Admin guide).
Then you use a shell command to query info.
For example, this is a DELL Precision M3800 with Secure Boot Disabled:
I would recommend testing READ\Query commands first like these ^^, to make sure it works!
Sometimes, new models are not compatible with CCTK... Make sure you are an admin.
Once I confirmed I can pull values from the BIOS, I used a Write Sentence:
Source:
https://topics-cdn.dell.com/pdf/command-configure-v41_reference-guide_en-us.pdf
Hopefully this is clear enough, in regards the Graphic Console, no idea.... I only learned the CLI, it's possible the UI has less options.
Comments:
-
Well, this is good information to help someone ENABLE SecureBoot with the CLI. But, as in my OP, the goal I'm seeking is to DISABLE SecureBoot programatically, either by CLI or script. - RD94 4 years ago
-
I know, this is an old post, but... getting well documented information about the process with an EXAMPLE, but still complaining, that's beyond me. and if you need to be spoonfeeded with a solution, you really shouldn't mess around with BIOS settings of the whole campus IT... - ChristianMRZ 3 years ago
About PXE... sadly not there yet.. I use USB KBEs https://www.itninja.com/blog/view/how-to-uefi-boot-with-secure-boot-on-the-sda-with-usb
I did run into some difficulty with some older computers whose bios did not seem to be compatible with the newest version of the Command Configure utility, but if the computer shipped with Windows 8 or above they seemed to be compatible.
Also, you can check if Secure Boot is enabled with the powershell commamd:
Confirm-SecureBootUEFI
This will return True or False. - JordanNolan 4 years ago
That means, not via clicks, but via CLI works fine. - Channeler 4 years ago
"Invalid Argument for the provided option 'SecureBoot' SecureBoot: If enabled, BIOS should only perform Secure Boot authentication and boot in UEFI mode without loading Compatibility Support Module (CSM). BIOS refers to this setting to decide on the POST behavior. You can disable this feature from BIOS setup screen. Arguments: Enabled."
If I'm doing something wrong, please enlighten me. - RD94 4 years ago