Secure boot Dell hardware to Kace K2000 - information - resources - anything?
Hello all -
I have just learned from our Dell reps that future Dell desktop systems will not be able to disable secure boot in the bios. It also appears that the Kace K2000 still can't do secure boot. See:
https://kace.uservoice.com/forums/82717-sda-k2000/suggestions/17791252-uefi-secure-boot
Given this and the extremely short time frame I have to purchase the systems I need, I am resorting to purchasing nearly end-of-life hardware on which we can still disable the secure boot setting in the bios for this year.
I am clearly missing something that I need to learn quickly. So, I'm asking all of you if you have any experience with this. If the Kace K2000 isn't going to do secure boot, what other deployment options are available that will do this? A few years back, when the Apple hardware required a version of secured booting, that drove me to using an MDM platform for my deployments. Am I now at the same point for our windows hardware?
Any and all helpful suggestions, pointers, resources, etc would be gratefully received.
Thank you,
- Lynna Jackson @ Williams College
Answers (6)
From what I understand by talking with KACE they are fighting to get their certificate going with MS so then we can do PXE with Secure Boot enabled. For now you could use this as a workaround https://www.itninja.com/blog/view/how-to-uefi-boot-with-secure-boot-on-the-sda-with-usb
Comments:
-
This has been a thing in the works for a while now... It is going to be a hard requirement for windows 11 as well. Are there specific barriers quest is encountering? - Kiyolaka 3 years ago
-
As you can see on the uservoice that I reference in my post it seems more of a MS bureaucracy thing, but yeah.. that works - RandomITdude24 3 years ago
Did you ever get an answer to this? I am running into the same issue trying to deploy Windows 11.
Comments:
-
As I answered before, Quest is fighting to get their certificate from MS to work with PXE Secure boot, but you can use my article and do the deployment with USB KBE - RandomITdude24 3 years ago
Based on the release notes of today SDA is finally fully supporting secure Boot devices it's listed under the new functions as (ESMEA-3318).
And finally we have the IBM/Lenovo and HP Driverfeed.
Have to test this at once...
@SporrerS1977 do you have a direct link to the release notes in question?
Comments:
-
https://support.quest.com/technical-documents/kace-systems-deployment-appliance/9.0%20common%20documents/release-notes - JasonEgg 2 years ago
Hello All -
As others have said, as of this morning Quest has a new version of the K2000 deployment appliance that reports a new feature of:
"Support for PCs with Secure Boot enabled in UEFI. "
See the link provided at:
I haven't tested this yet myself so I can't claim to have first hand knowledge that this works. If someone does test it, please post a quick update to confirm this is working for you or not.
Thanks again for helping to move this along.
- Lynna
It's working fine for KACE SDA\RSA version 9.0
Make sure your DHCP option 67 is requesting the ipxe.efi file, and you are booting from an UEFI source in your Device Boot Options
Strange, the certification process for secure boot, is entirely managed\supervised by Microsoft itself.
Doing that will force everyone to jump the ring in order to boot stuff... (Secure boot prevents other boot methods from working, not just PXE).
And that will lock-out from PXE booting... open source solutions or homebrewed software, because they will need to spend $$$$$ to get that certification from MS. - Channeler 3 years ago