/build/static/layout/Breadcrumb_cap_w.png

No iPXE SecureBoot is certainly hurting us right now.

All of our machines have SecureBoot enabled.  Unfortunately, you can only disable that from the BIOS console of the system itself.  PXE UEFI SecureBoot doesn't exist.  Our campus is closed.  Has anyone devised a workaround?

Asked 4 years ago 622 views
2 Comments   [ + ] Show comments
  • If these are Dell machines you can use the Dell Command Configure Took Kit (CCTK.exe) to configure Bios settings through Windows. I just started to use this to configure WOL settings for some computers, but there are settings to enable or disable secure boot.

    I did run into some difficulty with some older computers whose bios did not seem to be compatible with the newest version of the Command Configure utility, but if the computer shipped with Windows 8 or above they seemed to be compatible.

    Also, you can check if Secure Boot is enabled with the powershell commamd:

    Confirm-SecureBootUEFI

    This will return True or False. - JordanNolan 4 years ago
  • Latest version of CCTK.exe only has options to enable SecureBoot. From the website, "NOTE: You cannot disable secure boot using the Dell Command | Configure user interface. One of the methods of disabling secureboot is from the BIOS setup screen." - RD94 4 years ago
    • That message has been in CCTK since version 3.0 or 4.0. That's telling you, you can only do it from Shell or PowerShell Scripts.

      That means, not via clicks, but via CLI works fine. - Channeler 4 years ago
      • Everytime I try it from the shell, --secureboot=disable, or secureboot=disabled, I get a...

        "Invalid Argument for the provided option 'SecureBoot' SecureBoot: If enabled, BIOS should only perform Secure Boot authentication and boot in UEFI mode without loading Compatibility Support Module (CSM). BIOS refers to this setting to decide on the POST behavior. You can disable this feature from BIOS setup screen. Arguments: Enabled."

        If I'm doing something wrong, please enlighten me. - RD94 4 years ago

Answers (3)

Posted by: Channeler 4 years ago
Red Belt
2

Endorsed by Nick The Ninja

You install the Software (either Windows or if it's a KBE, you install it into the KBE (WinPE) (Read the KACE Admin guide).

Then you use a shell command to query info.

For example, this is a DELL Precision M3800 with Secure Boot Disabled:
3+wxynWp9s+5AAAAABJRU5ErkJggg==

I would recommend testing READ\Query commands first like these ^^, to make sure it works!
Sometimes, new models are not compatible with CCTK...  Make sure you are an admin.

Once I confirmed I can pull values from the BIOS, I used a Write Sentence:

yCtpQAAAAASUVORK5CYII=

Source:
https://topics-cdn.dell.com/pdf/command-configure-v41_reference-guide_en-us.pdf

Hopefully this is clear enough, in regards the Graphic Console, no idea.... I only learned the CLI, it's possible the UI has less options.

Comments:
  • Well, this is good information to help someone ENABLE SecureBoot with the CLI. But, as in my OP, the goal I'm seeking is to DISABLE SecureBoot programatically, either by CLI or script. - RD94 4 years ago
    • I know, this is an old post, but... getting well documented information about the process with an EXAMPLE, but still complaining, that's beyond me. and if you need to be spoonfeeded with a solution, you really shouldn't mess around with BIOS settings of the whole campus IT... - ChristianMRZ 2 years ago
Posted by: someoneNew 2 years ago
White Belt
0

Here is a PowerShell module that does what you want. I found it in one search when I was looking into this at my job as well... https://lmgtfy.app/?q=dell+bios+settings+powershell

Posted by: RandomITdude24 2 years ago
4th Degree Black Belt
0

About PXE... sadly not there yet.. I use USB KBEs https://www.itninja.com/blog/view/how-to-uefi-boot-with-secure-boot-on-the-sda-with-usb

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ