The following article talks about currently limited support in Ghost Solution Suite (GSS) for SecureBoot mode for Linux clients.

GSS 3.3 RU11

Starting with GSS 3.3 RU11 release, GSS has limited support for SecureBoot mode for Linux clients.

Limitations:

• The new functionality doesn’t support iPXE, Windows clients, and requires an updated frm with LinPE – ‘BDCgpl_x64_6.9.11011.frm2’.
• The new functionality doesn’t support configured PXE menu timeout values, and doesn’t auto select configured PXE image.

Considering the limitations above, it’s recommended to configure a separate PXE server for Linux clients to avoid conflicts or network boot time increase for Windows clients.

There are some additional steps that need to be performed manually:

1. PXE Forced Mode needs to be configured (refer to Setting up Vendor-specific PXE Forced Mode (KB 180935) for the additional details), however in the DHCP option 066, TFTP server name needs to be set to IP of PXE Server.
   
   
   
   
2. \BStrap\x64\BStrap.efi needs to be replaced by shimx64.efi (create backup of old BStrap.efi first)
   
   
   
   

In addition to PXE boot, boot media created with LinPE now also supports SecureBoot.