• Moderator

    Hi All,
    This is more of a general question about the future of FOG and possible FOG alternatives if the project is unable to support Secure Boot/Windows 11. I hate to post this here, but I don’t know anyone else on the internet who is a bigger expert in imaging. I know that, in general, this being an open source, volunteer-driven project, it is a big ask to support the big challenges Microsoft is throwing in the way of the project.

    I wanted to ask if anyone has any experience with any other solutions, please let me know. My organization would like to look at alternatives though we would be quite devastated if we had to move away from FOG since it has been our saving grace for 10+ years. If this is inappropriate to post here, I will gladly take this down.


  • Developer

    @fry_p For assurance, FOG still works with Windows 11, and it also works on hardware devices that are NOT supported by Microsoft. Your image will still deploy, complete and be functional on these devices, albeit out of support from a Microsoft perspective. If Secure Boot becomes compulsory for all your devices then yes, you have to consider the challenges in managing your own Secure Boot PKI for FOG, but Windows 11 should not be a reason to consider an alternative.

  • Moderator

    @fry_p Without Secure Boot, probably yes, if SmartDeploy is WinPE based. The problem will still be that iPXE is not signed, so it will not boot in Secure Boot mode.

  • Moderator

    @george1421 Really wacky question for you… Can you boot into something like SmartDeploy (they have a SmartPE environment they use) from FOG? I don’t know if you have the answer, but I would definitely prefer using FOG to boot into this rather than WDS.

  • Moderator

    @fry_p Really, when it comes to Secure Boot, FOG has 2 options.

    1. Pay to get a signing certificate from Microsoft, and then the FOG developers will have to sign the FOG kernel and all of the iPXE boot loaders. This will take someone to run this project and money to pay M$ for the signing certificate. That would force the FOG project into some type of subscription model to continue to support that service.

    2. Add your own certificates to the cert store in the UEFI firmware. That will require creating a FOG PKI infrastructure and then updating the certificate store on each computer (once) to match the signing certificate for FOG, as well as keeping the other certificates so that the Microsoft stuff still continues to work.

    Myself, personally, I started looking into option 2 but then found something else shiny to chase and the project got tabled.
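
A pre-deployment check for the point made in this thread that an unsigned iPXE binary will not boot in Secure Boot mode; this is an added example, not part of the thread or of FOG's code. It only reports whether a PE/COFF (EFI) image carries an Authenticode certificate table, not whether the firmware trusts the signer; the function names and the sample images are constructed for illustration.

```python
import struct

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 blob
CERT_TABLE_INDEX = 4                     # data-directory slot of the certificate table

def signature_entries(image: bytes):
    """Return [(cert_type, length), ...] for every WIN_CERTIFICATE in a PE/COFF image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: no MZ header")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: no PE signature")
    opt = pe_off + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    try:
        magic = struct.unpack_from("<H", image, opt)[0]
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+ directory offset
        count = struct.unpack_from("<I", image, dirs - 4)[0]
        if count <= CERT_TABLE_INDEX:
            return []
        # For this directory the "address" field is a file offset, not an RVA.
        off, size = struct.unpack_from("<II", image, dirs + 8 * CERT_TABLE_INDEX)
    except (KeyError, struct.error):
        raise ValueError("truncated or unknown optional header")
    if off + size > len(image):
        raise ValueError("certificate table runs past end of file")
    entries, pos, end = [], off, off + size
    while pos + 8 <= end:  # an empty table (size 0) yields no entries: unsigned
        length, _rev, cert_type = struct.unpack_from("<IHH", image, pos)
        if length < 8 or pos + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        entries.append((cert_type, length))
        pos += (length + 7) & ~7  # entries are 8-byte aligned
    return entries

def has_authenticode(image: bytes) -> bool:
    return any(t == WIN_CERT_TYPE_PKCS_SIGNED_DATA for t, _ in signature_entries(image))

def constructed_image(signed: bool) -> bytes:  # constructed PE32+ header, not a real iPXE build
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    dirs, cert = bytearray(16 * 8), b""
    if signed:  # one dummy 12-byte entry padded to 16 bytes
        cert = struct.pack("<IHH", 12, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\0" * 8
        struct.pack_into("<II", dirs, 8 * CERT_TABLE_INDEX, 0x40 + 24 + 240, len(cert))
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16) + bytes(dirs)
    return dos + coff + opt + cert

if __name__ == "__main__":
    for signed in (False, True):
        print(signed, signature_entries(constructed_image(signed)))
```

To check a real boot file, pass its bytes to `has_authenticode`; a `True` result still needs the signing certificate enrolled in the firmware's allowed-signature store before Secure Boot will accept it.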