How to enable secure boot on PVE 6?

May 18, 2019
Now that debian buster supports secureboot, how do I enable it in PVE 6?

also, do i have this right? I will not be able (or it will be complicated) to install kernel modules on lxc containers. if i need to install kernel modules I should use KVM (without secure boot, or is secure boot available also for KVMs)?
We don't offer signed kernel images or Grub (yet), so there is no Secure Boot with PVE.

LXC guests share a kernel with the host system, so you need to load the modules for the host and all containers, or not at all. If you want to have a certain kernel module only for one guest, you should use a VM (then you can also choose a different kernel version or kernel altogether ;)). There is some support for emulating Secure Boot in Qemu, but it is not integrated in PVE and does not make much sense if the host itself does not have a verified boot chain.
  • Like
Reactions: Taylan and Proxygen


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!