Pre-Enroll keys?

[Afox]

Hello,

can anyone explain to me what the Option "Pre-Enroll keys" does and if it is necessary under a Linux guest. Can I enroll the keys later if I now chose to not enroll the keys?

Thank you

 

[t.lamprecht]

Hi,

can anyone explain to me what the Option "Pre-Enroll keys" does and if it is necessary under a Linux guest

It defaults to an EFI vars image that has distributions (at least Ubuntu & Debian IIRC) + Microsoft keys enrolled in the image already and it has secure boot on by default.

Necessity depends on what you want (secure boot or not), with secure boot disabled the keys do not matter much (but the OS may complain, e.g., newer Windows 11 require it by default).

We select it by default as for most people that want/need secure boot it does already the right thing.

Can I enroll the keys later if I now chose to not enroll the keys?

Yes, you can enter the OVMF settings at VM start by pressing ESC, select Device Manager and then Secure Boot Configuration, there you can configure a few rellated things and enrol keys (if mode is set to custom).

 

[Afox]

I had to follow this guide to make it work again: https://pve.proxmox.com/wiki/OVMF/UEFI_Boot_Entries