I wanted to get some feedback on some different secure boot possibilities. As it stands now, CloneDeploy supports secure boot with the Windows Imaging Environment with PXE, USB, and ISO. The Linux Imaging Environment only supports secure boot with USB and ISO. My question is, does anyone care to have secure boot with PXE for the Linux Imaging Environment, or does everyone just turn it off anyway?
Currently, major linux distros have a signed shim and grub2 bootloader that does work with normal pxe operations. Unfortunately they do not implement proxy offers and cannot work with CloneDeploy proxy dhcp.
I have compiled these with fixes needed to work with CloneDeploy Proxy dhcp, but obviously they are not signed and will not work with secure boot. In order to get these signed, requires a business and a financial commitment. I have attempted to order a signing certificate but since I am not a business, I cannot. Here are the current options:
1.) I need a volunteer with a business that can order this certificate for me.
2.) I need to create my own business. Doing so would go against my mission, but I don't see many other choices. I would be forced to create a free and paid option for CloneDeploy. The paid option would include signed binaries for Secure Boot and possibly supportive services.
3.) Leave everything alone, and just disabled secure boot on the pc's. I feel that eventually this option won't exist. Eventually all computers will require secure boot and you won't be able to disable it. Thus, ending CloneDeploy.