Hi all,
I found the following article from Ubuntu on Secure Boot and have some questions as the article is a bit outdated (5 years).
In case that process still works: Would proxmox be willing to sign their kernel & modules they compile and make their used DER file available for download so that users who wish to use Secure Boot can manually enroll the signed DER key? That way, the same ISO can still be distributed as it has been, but users can optionally add Secure Boot support?
Background:
I have upgraded my pfsense firewall only system from an old 4th gen Intel NUC to a Minisforum U820 with dual LAN and now run pfsense in a VM on proxmox 7. Works perfectly!
However... the BIOS enforces Secure Boot, and there is no way to disable it. And I really like the hardware - powerful, dual lan and works pretty much out of the box.
I found a work around in the forum and have there installed the signed Debian 11 bullseye distro (debian 5.10 kernel) and then added proxmox VE afterwards.
Adding proxmox VE automatically installs pve kernel 5.13, which cannot be booted and would prevent headless booting. I fixed this by setting GRUB_DEFAULT=3 (pointing now to a new 5.10. menuentry).
This all works - but it's a lot of manual work and the result is not using the pve kernel - and I dont know what that means...
Thanks!
I found the following article from Ubuntu on Secure Boot and have some questions as the article is a bit outdated (5 years).
In case that process still works: Would proxmox be willing to sign their kernel & modules they compile and make their used DER file available for download so that users who wish to use Secure Boot can manually enroll the signed DER key? That way, the same ISO can still be distributed as it has been, but users can optionally add Secure Boot support?
Background:
I have upgraded my pfsense firewall only system from an old 4th gen Intel NUC to a Minisforum U820 with dual LAN and now run pfsense in a VM on proxmox 7. Works perfectly!
However... the BIOS enforces Secure Boot, and there is no way to disable it. And I really like the hardware - powerful, dual lan and works pretty much out of the box.
I found a work around in the forum and have there installed the signed Debian 11 bullseye distro (debian 5.10 kernel) and then added proxmox VE afterwards.
Adding proxmox VE automatically installs pve kernel 5.13, which cannot be booted and would prevent headless booting. I fixed this by setting GRUB_DEFAULT=3 (pointing now to a new 5.10. menuentry).
This all works - but it's a lot of manual work and the result is not using the pve kernel - and I dont know what that means...
Thanks!