8
You won't HAVE to, but it might make it easier at first. The kernel module for the drivers simply needs to be signed and then secure boot will be happy. I've done it for debian before but can't find the exact piece of documentation explaining how to sign the kernel module.
Edit: Debian Guide