EDIT: Please see the comment that follows. Windows 11 does not require secure boot be enabled, only that the machine be "Secure Boot capable".

Now that Windows 11 is out and requires that secure boot be enabled, disabling secure boot to use iPXE to install the latest version of windows or manage boot on a Windows 11 machine is no longer really an option. This leaves those who want to use iPXE with Windows 11 with a couple options:

1. Wait for a signed ipxe.efi binary. ipxe.org has released signed wimboot (https://twitter.com/ipxe/status/1362179198979366919), and stated they're working towards a signed ipxe or snponly (https://twitter.com/nikize0/status/1364615001529540613). Parts of the wimboot work were sponsored by 2Pint Software, who definitely seems to have themselves gotten an ipxe.efi binary signed for their product (https://techcommunity.microsoft.com/t5/hardware-dev-center/ipxe-security-assurance-review/ba-p/1062943, https://techcommunity.microsoft.com/t5/hardware-dev-center/updated-uefi-signing-requirements/ba-p/1062916)
2. Each interested party/company signing ipxe.efi with their own keys and managing those secure boot keys on their machines: https://www.rodsbooks.com/efi-bootloaders/controlling-sb.html

I 100% realize that the community is in no way entitled to a signed binary. It would just be helpful to know the state of things before each of us start down the path for the second option (or perhaps individually undertake submitting a custom-built ipxe.efi to Microsoft for signing). The total development cost of each group having to pursue option 2 seems like it would be orders greater than the cost of option 1, so I wonder if sponsorship or something similar could be helpful.