diff --git a/go.mod b/go.mod
index 1818039..6ad1307 100644
--- a/go.mod
+++ b/go.mod
@@ -18,10 +18,10 @@ require (
 	github.com/siderolabs/crypto v0.5.1
 	github.com/siderolabs/gen v0.8.0
 	github.com/siderolabs/go-blockdevice v0.4.8
-	github.com/siderolabs/image-factory v0.6.4
+	github.com/siderolabs/image-factory v0.6.6-0.20241227134227-3b302c6a4ca1
 	github.com/siderolabs/net v0.4.0
-	github.com/siderolabs/talos v1.9.0
-	github.com/siderolabs/talos/pkg/machinery v1.9.0
+	github.com/siderolabs/talos v1.10.0-alpha.0
+	github.com/siderolabs/talos/pkg/machinery v1.10.0-alpha.0
 	github.com/stretchr/testify v1.10.0
 	golang.org/x/mod v0.22.0
 	google.golang.org/grpc v1.69.0
@@ -174,7 +174,7 @@ require (
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/siderolabs/go-blockdevice/v2 v2.0.7 // indirect
+	github.com/siderolabs/go-blockdevice/v2 v2.0.8 // indirect
 	github.com/siderolabs/go-circular v0.2.1 // indirect
 	github.com/siderolabs/go-kubernetes v0.2.17 // indirect
 	github.com/siderolabs/go-pointer v1.0.0 // indirect
@@ -212,9 +212,9 @@ require (
 	go.opentelemetry.io/otel v1.31.0 // indirect
 	go.opentelemetry.io/otel/metric v1.31.0 // indirect
 	go.opentelemetry.io/otel/trace v1.31.0 // indirect
-	golang.org/x/crypto v0.30.0 // indirect
+	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
-	golang.org/x/net v0.32.0 // indirect
+	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.24.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
diff --git a/go.sum b/go.sum
index 2902e30..f7d4ec5 100644
--- a/go.sum
+++ b/go.sum
@@ -657,6 +657,8 @@ github.com/siderolabs/go-blockdevice v0.4.8 h1:KfdWvIx0Jft5YVuCsFIJFwjWEF1oqtzkg
 github.com/siderolabs/go-blockdevice v0.4.8/go.mod h1:4PeOuk71pReJj1JQEXDE7kIIQJPVe8a+HZQa+qjxSEA=
 github.com/siderolabs/go-blockdevice/v2 v2.0.7 h1:OCxxA7W1xVqbEP3MrCttqhKpuV4t1KkBTzNeboYDTmc=
 github.com/siderolabs/go-blockdevice/v2 v2.0.7/go.mod h1:74htzCV913UzaLZ4H+NBXkwWlYnBJIq5m/379ZEcu8w=
+github.com/siderolabs/go-blockdevice/v2 v2.0.8 h1:bAJQby5YF98eNOG6WyuLtXQu7eXiwKC3KJEH/Fb3HOo=
+github.com/siderolabs/go-blockdevice/v2 v2.0.8/go.mod h1:74htzCV913UzaLZ4H+NBXkwWlYnBJIq5m/379ZEcu8w=
 github.com/siderolabs/go-circular v0.2.1 h1:a++iVCn9jyhICX3POQZZX8n72p2h5JGdGU6w1ulmpcA=
 github.com/siderolabs/go-circular v0.2.1/go.mod h1:ZDItzVyXK+B/XuqTBV5MtQtSv06VI+oCmWGRnNCATo8=
 github.com/siderolabs/go-kubernetes v0.2.17 h1:xxwDtoPQx032Ot6zAhDyOssfMazZG57gjzDGkpaVJuE=
@@ -671,14 +673,20 @@ github.com/siderolabs/go-talos-support v0.1.1 h1:g51J0WQssQAycU/0cDliC2l4uX2H02y
 github.com/siderolabs/go-talos-support v0.1.1/go.mod h1:o4woiYS+2J3djCQgyHZRVZQm8XpazQr+XPcTXAZvamo=
 github.com/siderolabs/image-factory v0.6.4 h1:BMirVs99OODjjzjfMyGblvF/OrXqOwAACfp++ipfriM=
 github.com/siderolabs/image-factory v0.6.4/go.mod h1:KY9UkMRqzC+dVVy3z8sWpN/Jg6Ce+I8cVJb97SR32SI=
+github.com/siderolabs/image-factory v0.6.6-0.20241227134227-3b302c6a4ca1 h1:QIzpOKGHaKYgfPpT+VrFwQkEevhNSTHV3T3qocNcPCg=
+github.com/siderolabs/image-factory v0.6.6-0.20241227134227-3b302c6a4ca1/go.mod h1:CucCuWZLJsXXXqDhdJN/cPejapeJYQIOIbhIGKBs14c=
 github.com/siderolabs/net v0.4.0 h1:1bOgVay/ijPkJz4qct98nHsiB/ysLQU0KLoBC4qLm7I=
 github.com/siderolabs/net v0.4.0/go.mod h1:/ibG+Hm9HU27agp5r9Q3eZicEfjquzNzQNux5uEk0kM=
 github.com/siderolabs/protoenc v0.2.1 h1:BqxEmeWQeMpNP3R6WrPqDatX8sM/r4t97OP8mFmg6GA=
 github.com/siderolabs/protoenc v0.2.1/go.mod h1:StTHxjet1g11GpNAWiATgc8K0HMKiFSEVVFOa/H0otc=
 github.com/siderolabs/talos v1.9.0 h1:hfQA/YKgT7zUvEsHfxNaOmWtl3kaXfogdjLdUQyEkTE=
 github.com/siderolabs/talos v1.9.0/go.mod h1:tfpH28CTBURTF68lf97xUEFZt/p4TKzCMzhd7JgU054=
+github.com/siderolabs/talos v1.10.0-alpha.0 h1:ZinJs1C0EuZw0YQXSLV0Dli46PqXAqr+7FhkI0iGdZI=
+github.com/siderolabs/talos v1.10.0-alpha.0/go.mod h1:LVuvAZiMsZqRf22VnVStbuw4gl+c/DaNcu9P5XiLdLg=
 github.com/siderolabs/talos/pkg/machinery v1.9.0 h1:9WWhu6yOlnbGousV6E8StwSntI3+JJf0debXEJZCAkg=
 github.com/siderolabs/talos/pkg/machinery v1.9.0/go.mod h1:0EnV+wg+qr86sR+riUgutxaOZqWFSnrC/mx52TpNyIQ=
+github.com/siderolabs/talos/pkg/machinery v1.10.0-alpha.0 h1:ik7cXQu7YqkV/Ryd8yU+xlckn0csmpQwV1KZEeCINdw=
+github.com/siderolabs/talos/pkg/machinery v1.10.0-alpha.0/go.mod h1:gFqGUE60R9EdIkNCzxcJ55Y6bv2d4i5+KLbou3rzpQ0=
 github.com/sigstore/cosign/v2 v2.4.1 h1:b8UXEfJFks3hmTwyxrRNrn6racpmccUycBHxDMkEPvU=
 github.com/sigstore/cosign/v2 v2.4.1/go.mod h1:GvzjBeUKigI+XYnsoVQDmMAsMMc6engxztRSuxE+x9I=
 github.com/sigstore/fulcio v1.6.3 h1:Mvm/bP6ELHgazqZehL8TANS1maAkRoM23CRAdkM4xQI=
@@ -829,6 +837,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
+golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U=
+golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
 golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
 golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -852,6 +862,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI=
 golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
diff --git a/pkg/talos/talos_image_factory_urls_data_source.go b/pkg/talos/talos_image_factory_urls_data_source.go
index b4bd4af..f216f35 100644
--- a/pkg/talos/talos_image_factory_urls_data_source.go
+++ b/pkg/talos/talos_image_factory_urls_data_source.go
@@ -294,15 +294,24 @@ func (d *talosImageFactoryURLSDataSource) Read(ctx context.Context, req datasour
 		urlsData.DiskImage = basetypes.NewStringValue(fmt.Sprintf("%s/image/%s/%s/metal-arm64.raw.xz", d.imageFactoryClient.BaseURL(), schematicID, talosVersion))
 	default:
 		platformData := xslices.Filter(metadata.Platforms(), func(p metadata.Platform) bool { return p.Name == platform })
+		if platformData[0].SecureBootSupported {
+			urlsData.InstallerSecureboot = basetypes.NewStringValue(fmt.Sprintf("%s/installer-secureboot/%s:%s", uri.Host, schematicID, talosVersion))
+		}
 
 		for _, bootMethod := range platformData[0].BootMethods {
 			switch bootMethod {
 			case "disk-image":
 				urlsData.DiskImage = basetypes.NewStringValue(fmt.Sprintf("%s/image/%s/%s/%s-%s.%s", d.imageFactoryClient.BaseURL(), schematicID, talosVersion, platform, architecture, platformData[0].DiskImageSuffix)) //nolint:lll
+				if platformData[0].SecureBootSupported {
+					urlsData.DiskImageSecureboot = basetypes.NewStringValue(fmt.Sprintf("%s/image/%s/%s/%s-%s-secureboot.%s", d.imageFactoryClient.BaseURL(), schematicID, talosVersion, platform, architecture, platformData[0].DiskImageSuffix)) //nolint:lll
+				}
 			case "pxe":
 				urlsData.PXE = basetypes.NewStringValue(fmt.Sprintf("%s://pxe.%s/pxe/%s/%s/%s-%s", uri.Scheme, uri.Host, schematicID, talosVersion, platform, architecture))
 			case "iso":
 				urlsData.ISO = basetypes.NewStringValue(fmt.Sprintf("%s/image/%s/%s/%s-%s.iso", d.imageFactoryClient.BaseURL(), schematicID, talosVersion, platform, architecture))
+				if platformData[0].SecureBootSupported {
+					urlsData.ISOSecureboot = basetypes.NewStringValue(fmt.Sprintf("%s/image/%s/%s/%s-%s-secureboot.iso", d.imageFactoryClient.BaseURL(), schematicID, talosVersion, platform, architecture)) //nolint:lll
+				}
 			}
 		}
 	}
diff --git a/pkg/talos/talos_image_factory_urls_data_source_test.go b/pkg/talos/talos_image_factory_urls_data_source_test.go
index 6efc6ea..81d809f 100644
--- a/pkg/talos/talos_image_factory_urls_data_source_test.go
+++ b/pkg/talos/talos_image_factory_urls_data_source_test.go
@@ -105,11 +105,11 @@ func TestAccTalosImageFactoryURLsDataSource(t *testing.T) {
 				Config: testAccTalosImageFactoryURLsNoCloudPlatformConfig(),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("data.talos_image_factory_urls.this", "urls.installer", "factory.talos.dev/installer/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba:v1.7.5"),
-					resource.TestCheckNoResourceAttr("data.talos_image_factory_urls.this", "urls.installer_secureboot"),
+					resource.TestCheckResourceAttr("data.talos_image_factory_urls.this", "urls.installer_secureboot", "factory.talos.dev/installer-secureboot/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba:v1.7.5"),
 					resource.TestCheckResourceAttr("data.talos_image_factory_urls.this", "urls.iso", "https://factory.talos.dev/image/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.7.5/nocloud-amd64.iso"),
-					resource.TestCheckNoResourceAttr("data.talos_image_factory_urls.this", "urls.iso_secureboot"),
+					resource.TestCheckResourceAttr("data.talos_image_factory_urls.this", "urls.iso_secureboot", "https://factory.talos.dev/image/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.7.5/nocloud-amd64-secureboot.iso"),
 					resource.TestCheckResourceAttr("data.talos_image_factory_urls.this", "urls.disk_image", "https://factory.talos.dev/image/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.7.5/nocloud-amd64.raw.xz"),
-					resource.TestCheckNoResourceAttr("data.talos_image_factory_urls.this", "urls.disk_image_secureboot"),
+					resource.TestCheckResourceAttr("data.talos_image_factory_urls.this", "urls.disk_image_secureboot", "https://factory.talos.dev/image/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.7.5/nocloud-amd64-secureboot.raw.xz"),
 					resource.TestCheckResourceAttr("data.talos_image_factory_urls.this", "urls.pxe", "https://pxe.factory.talos.dev/pxe/376567988ad370138ad8b2698212367b8edcb69b5fd68c80be1f2ec7d603b4ba/v1.7.5/nocloud-amd64"),
 					resource.TestCheckNoResourceAttr("data.talos_image_factory_urls.this", "urls.kernel"),
 					resource.TestCheckNoResourceAttr("data.talos_image_factory_urls.this", "urls.kernel_command_line"),
diff --git a/pkg/talos/talos_image_factory_versions_data_source_test.go b/pkg/talos/talos_image_factory_versions_data_source_test.go
index 609852e..54ab69c 100644
--- a/pkg/talos/talos_image_factory_versions_data_source_test.go
+++ b/pkg/talos/talos_image_factory_versions_data_source_test.go
@@ -26,7 +26,7 @@ func TestAccTalosImageFactoryVersionsDataSource(t *testing.T) {
 			{
 				Config: testAccTalosImageFactoryVersionsDataSourceWithFilterConfig(),
 				ConfigStateChecks: []statecheck.StateCheck{
-					statecheck.ExpectKnownOutputValue("talos_version", knownvalue.StringExact("v1.9.0")),
+					statecheck.ExpectKnownOutputValue("talos_version", knownvalue.StringExact("v1.9.1")),
 				},
 			},
 		},
diff --git a/pkg/talos/talos_machine_configuration_data_source_test.go b/pkg/talos/talos_machine_configuration_data_source_test.go
index 1d35ede..d5f5822 100644
--- a/pkg/talos/talos_machine_configuration_data_source_test.go
+++ b/pkg/talos/talos_machine_configuration_data_source_test.go
@@ -66,7 +66,7 @@ func TestAccTalosMachineConfigurationDataSource(t *testing.T) {
 			},
 			// test data source with custom values
 			{
-				Config: testAccTalosMachineConfigurationDataSourceConfig("", "example-cluster-1", "controlplane", "https://cluster-1.local:6443", "v1.27.0", true, false, false, false),
+				Config: testAccTalosMachineConfigurationDataSourceConfig("", "example-cluster-1", "controlplane", "https://cluster-1.local:6443", "v1.28.0", true, false, false, false),
 				Check: resource.ComposeAggregateTestCheckFunc(
 					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "id", "example-cluster-1"),
 					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "cluster_name", "example-cluster-1"),
@@ -75,7 +75,7 @@ func TestAccTalosMachineConfigurationDataSource(t *testing.T) {
 					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "machine_type", "controlplane"),
 					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "config_patches.#", "4"),
 					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "config_patches.0", "\"machine\":\n  \"install\":\n    \"disk\": \"/dev/sdd\"\n"),
-					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "kubernetes_version", "v1.27.0"),
+					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "kubernetes_version", "v1.28.0"),
 					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "talos_version", semver.MajorMinor(gendata.VersionTag)),
 					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "docs", "false"),
 					resource.TestCheckResourceAttr("data.talos_machine_configuration.this", "examples", "false"),
@@ -85,7 +85,7 @@ func TestAccTalosMachineConfigurationDataSource(t *testing.T) {
 							"example-cluster-1",
 							"https://cluster-1.local:6443",
 							"/dev/sdd",
-							"1.27.0",
+							"1.28.0",
 							"controlplane",
 							value,
 							false,