adamb's latest activity

  • A
    adamb reacted to fabian's post in the thread Dev input please on Microsoft CA 2023 with Like Like.
    note that Debian is currently preparing the changes for their first shim update signed with both old and new microsoft keys, and that includes checking which keys are currently enrolled and refusing the update if there is no overlap. that means...
  • A
    Thank you for the input fabian, that makes me feel alot better about all this.
  • A
    I think I understand now. When the VM is stopped then started and this is in place "ms-cert=2023k", it does exactly what enroll-efi-key does right before it actually powers it on.
  • A
    Appreciate the input! What throws me off, is the "qm enroll-efi-key vmid" seems to do a lot more than just add a tag to the vm config file. root@frontend-test:~# qm enroll-efi-keys 100 efidisk0: enrolling Microsoft UEFI CA 2023 INFO: reading...
  • A
    Is there anyway to make the CLI option function like the GUI/API? With 1000's of VM's that is a tough one. Setting up tokens on tons of hosts to use the API would be a lot of manual work as well.
  • A
    Do the VM's need to be stop/started? Or is an actual reboot enough?
  • A
    Appreciate the input. When you say "eventually", how long do you suspect that will be? Trying to gauge how quickly we need to move on this.
  • A
    If we have Debian linux VM's running secure boot and the older 2011 certificate. Let say Debian releases a new shim update after June and is singed by the 2023 cert, will all those VM fail to boot?