FOGProject/fogproject

Windows 11 with Secure Boot doesn't work

CBRocker opened this issue · 2 comments

CBRocker commented

Hi,

Facts:
FOG Version 1.5.10
FOG Dev. Version: 1.5.10.30

First please give me Infos, how I can register me at the FOG Forum.
I fill out the fields username and password, confirm the captcha code, after click on "Jetzt registrieren" I see the message
"Captcha not verified, are you a robot?" No matter what I type, the error always comes up.

Well, the primary issue:

We have some Dell Inspiron 5420 All-in-One-PCs with Windows 11. We have problems with the Secure Boot/UEFI.
PXE and WOL are set in the BIOS.

Enabled Secure Boot, the PC boots from the installed Windows 11.
Disabled Secure Boot, the PC boots with PXE, the FOG/iPXE 1.21.1+ starts (looking for new Images and so on).
But at the FOG Project screen (where is the text "Host is registered as ...") (see below)
at the end of the line "Boot form hard disk" the counter counts down from 3 to 0, but there is a endless loop
and it doesn't go any further.

Image

Enabled Secure Boot, the PXE/deploying Image doesn't work.

How can it solved?
FOG works with Windows 11/Secure Boot?

Thx for ur help

mastacontrola commented

FOG Does not work out of the box with secure boot nor has it ever.

Disable secure boot,
capture your image, (or deploy)
enable secure boot.

If you require secure boot consistently, there are methods available to do it but it's not a foolproof method I doubt.

https://forums.fogproject.org/topic/13832/secureboot-issues/8?_=1721229080146
https://forums.fogproject.org/post/145434

darksidemilk commented

I just re-read this and realized you're disabling secure boot and not being able to boot to disk, not so much trying to boot to fog with secure boot.
We do have a fix in the 1.6 beta (update from the working-1.6 branch instead of the master branch to try it out)
In the latest versions of ipxe they made it possible to boot to a uefi disk with the sanboot command.
We updated the boot to hard disk behavior to use this new functionality and included the latest version of ipxe in working 1.6. you can see the sanboot changes in fog here:

fogproject/packages/web/lib/fog/bootmenu.class.php

Line 177 in b9dcbe3

/** Booting to hard disk via sanboot

You could also follow the instructions here https://docs.fogproject.org/en/latest/compile_ipxe_binaries to compile the latest ipxe for your current version and edit the equivalent sanboot line manually.
You also want to change your efi exit option from refind to sanboot for this to work.

That's a rough guideline on what needs doing, let me know if you need more detailed help, I just don't have the time right this second to dig into deeper detail