/build/static/layout/Breadcrumb_cap_w.png

Secure boot Dell hardware to Kace K2000 - information - resources - anything?

Hello all -


I have just learned from our Dell reps that future Dell desktop systems will not be able to disable secure boot in the bios. It also appears that the Kace K2000 still can't do secure boot. See:

https://kace.uservoice.com/forums/82717-sda-k2000/suggestions/17791252-uefi-secure-boot

Given this and the extremely short time frame I have to purchase the systems I need, I am resorting to purchasing nearly end-of-life hardware on which we can still disable the secure boot setting in the bios for this year.


I am clearly missing something that I need to learn quickly. So, I'm asking all of you if you have any experience with this. If the Kace K2000 isn't going to do secure boot, what other deployment options are available that will do this? A few years back, when the Apple hardware required a version of secured booting, that drove me to using an MDM platform for my deployments.  Am I now at the same point for our windows hardware? 


Any and all helpful suggestions, pointers, resources, etc would be gratefully received.


Thank you,

- Lynna Jackson @ Williams College


3 Comments   [ + ] Show comments
  • We're very interested in this as well. I see that the uservoice entry was marked "PLANNED" in Feb 2020 but I did not see this in the v8.1 release notes. Since "the squeaky wheel gets the grease" I would suggest opening a support ticket (and I'll do that as well). - JasonEgg 3 years ago
  • "I have just learned from our Dell reps that future Dell desktop systems"
    Strange, the certification process for secure boot, is entirely managed\supervised by Microsoft itself.

    Doing that will force everyone to jump the ring in order to boot stuff... (Secure boot prevents other boot methods from working, not just PXE).

    And that will lock-out from PXE booting... open source solutions or homebrewed software, because they will need to spend $$$$$ to get that certification from MS. - Channeler 3 years ago
  • From what I understand by talking with KACE they are fighting to get their certificate going with MS so then we can do PXE with Secure Boot enabled. For now you could use this as a workaround https://www.itninja.com/blog/view/how-to-uefi-boot-with-secure-boot-on-the-sda-with-usb - RandomITdude24 3 years ago

Answers (6)

Posted by: RandomITdude24 3 years ago
4th Degree Black Belt
1

From what I understand by talking with KACE they are fighting to get their certificate going with MS so then we can do PXE with Secure Boot enabled. For now you could use this as a workaround https://www.itninja.com/blog/view/how-to-uefi-boot-with-secure-boot-on-the-sda-with-usb


Comments:
  • This has been a thing in the works for a while now... It is going to be a hard requirement for windows 11 as well. Are there specific barriers quest is encountering? - Kiyolaka 3 years ago
    • As you can see on the uservoice that I reference in my post it seems more of a MS bureaucracy thing, but yeah.. that works - RandomITdude24 2 years ago
Posted by: Fred Weston 2 years ago
Orange Belt
0

Did you ever get an answer to this?  I am running into the same issue trying to deploy Windows 11.


Comments:
  • As I answered before, Quest is fighting to get their certificate from MS to work with PXE Secure boot, but you can use my article and do the deployment with USB KBE - RandomITdude24 2 years ago
Posted by: SporrerS1977 2 years ago
Yellow Belt
0

Based on the release notes of today SDA is finally fully supporting secure Boot devices it's listed under the new functions as (ESMEA-3318).

And finally we have the IBM/Lenovo and HP Driverfeed.

Have to test this at once...

Posted by: Fred Weston 2 years ago
Orange Belt
0

@SporrerS1977 do you have a direct link to the release notes in question?


Comments:
  • https://support.quest.com/technical-documents/kace-systems-deployment-appliance/9.0%20common%20documents/release-notes - JasonEgg 2 years ago
Posted by: lynnaj 2 years ago
Senior Yellow Belt
0

Hello All - 

As others have said,  as of this morning Quest has a new version of the K2000 deployment appliance that reports a new feature of:

"Support for PCs with Secure Boot enabled in UEFI. "


See the link provided at: 

https://support.quest.com/technical-documents/kace-systems-deployment-appliance/9.0%20common%20documents/release-notes


I haven't tested this yet myself so I can't claim to have first hand knowledge that this works.  If someone does test it, please post a quick update to confirm this is working for you or not.


Thanks again for helping to move this along.


- Lynna

Posted by: Channeler 2 years ago
Red Belt
0

It's working fine for KACE SDA\RSA version 9.0

Make sure your DHCP option 67 is requesting the ipxe.efi  file, and you are booting from an UEFI source in your Device Boot Options

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ