• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Secure Boot Support for Windows 11

    Scheduled Pinned Locked Moved
    Feature Request
    4
    6
    4.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JJ FullmerJ
      JJ Fullmer Testers
      last edited by

      I realize this was only just announced today, but windows 11 is coming as early as this year and it now (allegedly) requires secure boot and tpm to be enabled to be installed (see also https://www.windowscentral.com/windows-11-system-requirements)

      There’s been past discussion about getting secure boot supported for fog, but it looks like the time soon comes where we have to do it (which seems to be a theme with a lot of things in tech recently and in the coming year)

      So I just wanted to open up a new thread to get the discussion going to see what needs to be done.

      Have you tried the FogApi powershell module? It's pretty cool IMHO
      https://github.com/darksidemilk/FogApi
      https://fogapi.readthedocs.io/en/latest/
      https://www.powershellgallery.com/packages/FogApi
      https://forums.fogproject.org/topic/12026/powershell-api-module

      1 Reply Last reply Reply Quote 0
      • JJ FullmerJ
        JJ Fullmer Testers
        last edited by

        According to the official page from microsoft https://www.microsoft.com/en-us/windows/windows-11-specifications it just says “secure boot capable” I guess we’ll just have to wait till it’s released to insiders to get some real world information.

        Have you tried the FogApi powershell module? It's pretty cool IMHO
        https://github.com/darksidemilk/FogApi
        https://fogapi.readthedocs.io/en/latest/
        https://www.powershellgallery.com/packages/FogApi
        https://forums.fogproject.org/topic/12026/powershell-api-module

        JJ FullmerJ 1 Reply Last reply Reply Quote 1
        • F
          Fog_Newb
          last edited by Fog_Newb

          I installed the leaked dev version 21996/21996.1 on bare metal and in a VM. Secure Boot didn’t have to be enabled . UEFI and TPM (which requires CSM to be disabled) had to be. Secure Boot - the option only had to be present.

          After more testing. I found I could install it in a VM as Legacy. I guess MS laxed on the VM requirements?

          I also found on metal, I could disable TPM and enable CSM which should make secure boot completely unavailable. Then I deploy a sysprep-ed Win 11OOBE UEFI image on it without any problems.

          I will try pure legacy on metal next…

          This was with that leaked dev build so who knows if it was modified or what not and how close it is to the actual dev build release or the final release.

          1 Reply Last reply Reply Quote 1
          • M
            MarkG
            last edited by

            I’ve just tried an Insider build from the Dev channel, Secure Boot was not required - though is supported by this hardware (Intel NUC). MS are saying that the requirement is actually a TPM - they’re saying ‘Secure Boot Capable’ because that’s more consumer-friendly than talking about TPMs.

            The image type in FOG can be set to Windows 10, and I was able to capture and deploy

            1 Reply Last reply Reply Quote 2
            • JJ FullmerJ
              JJ Fullmer Testers @JJ Fullmer
              last edited by

              @jj-fullmer I haven’t done a full thorough fog windows 11 test. But it seems that some of the cpu and bios security “requirements” aren’t hard requirements. As long as your cpu supports TPM 1.2 you can do a clean install of windows 11, you just can’t in place upgrade (without a registry change).

              I am also posting this on a computer with windows 11 on it, with an i7-6700. I didn’t use fog, and secure boot got enabled by the windows 11 installer (it might have already been enabled, I didn’t double check sadly). However I just disabled secure boot and could still boot.

              So the concerns about a secure boot requirement may be unfounded. This is my home computer and I don’t have a fog server at home, but I’ll come back here once I get a chance to test creating and deploying a windows 11 image to see if there are any issues with secure boot. If anyone wants to test this out @testers before I get some time, you can download a windows 11 iso here https://www.microsoft.com/en-us/software-download/windows11?ranMID=24542&ranEAID=0JlRymcP1YU&ranSiteID=0JlRymcP1YU-aILwA1rXpThxrraz01AUgg&epi=0JlRymcP1YU-aILwA1rXpThxrraz01AUgg&irgwc=1&irclickid=_2cqgd3xf9kkf6xflm1yfj9km9e2xoz2ov3bwz2yp00

              Have you tried the FogApi powershell module? It's pretty cool IMHO
              https://github.com/darksidemilk/FogApi
              https://fogapi.readthedocs.io/en/latest/
              https://www.powershellgallery.com/packages/FogApi
              https://forums.fogproject.org/topic/12026/powershell-api-module

              D 1 Reply Last reply Reply Quote 1
              • D
                dvorak @JJ Fullmer
                last edited by

                @jj-fullmer said in Secure Boot Support for Windows 11:
                “As long as your CPU supports TPM 1.2 you can do a clean install of windows 11, you just can’t in-place upgrade (without a registry change).”

                Is it possible to share the registry change? Unless something even better has changed, I am thinking of in-place windows 10 21H2 to 11 in a dual-boot ubuntu environment. I figure this would stop me from having to reinstall Ubuntu (or grub repair).

                1 Reply Last reply Reply Quote 0
                • 1 / 1
                • First post
                  Last post

                155

                Online

                12.0k

                Users

                17.3k

                Topics

                155.2k

                Posts
                Copyright © 2012-2024 FOG Project