Proxmox VE 8.2.7 SecureBoot

torstorm369

Jul 25, 2024
What is the best practice in production? Should I use Secure Boot in Proxmox or not?

I have Nvidia Teslas in servers. Now I have Secure Boot enabled, but when the kernel is updated, I must always reinstall the Nvidia driver with the existing MOK keys.
 
Hello torstorm,

I'm still new to the Proxmox Forum. Unfortunately, I don't have an Nvidia GPU at home, therefore I could not test it.
It seems that needing to re-register the MOK key after a kernel update has been a long-standing specification in Linux.
However, it appears that the Debian team has made changes starting from the new Bookworm version.

I found a known issue:
[Known issue]
https://forums.debian.net/viewtopic.php?t=158138&start=20

[SecureBoot]
https://wiki.debian.org/SecureBoot

[New story]
https://www.reddit.com/r/debian/comments/17wumyg/nvidia_proprietary_drivers_secure_boot_shim/

Did you follow the steps below?:
https://pve.proxmox.com/wiki/Secure_Boot_Setup

root@seiji:/var/lib# sudo apt install dkms

root@seiji:/var/lib/dkms# pwd
/var/lib/dkms

According to the Proxmox wiki, it seems the /var/lib/dkms directory was created after I ran sudo apt install dkms.
So we need to place the mok.pub key in this directory.

DKMS

In order for the kernel to accept DKMS modules they need to be signed.

DKMS signs modules at build time. By default, a key will be found in /var/lib/dkms/mok.pub. When using a shim setup, this key can be enrolled as a MOK directly. To do this, run mokutil --import /var/lib/dkms/mok.pub and reboot. The MokManager tool will show up and the key can be enrolled via its menu.

DKMS can be configured via /etc/dkms/framework.conf via the following variables:

mok_signing_key=/root/secureboot/db.key
mok_certificate=/root/secureboot/db.cer

Hope this helps,

Respectfully.

Seiji
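
Added example, not part of the thread or the Proxmox wiki: a shell check to run after a kernel update that resolves which key and certificate DKMS signs with (from /etc/dkms/framework.conf, falling back to the DKMS defaults /var/lib/dkms/mok.key and /var/lib/dkms/mok.pub), verifies the private key is not accessible to group or other, and asks mokutil whether the certificate is enrolled. The function names and the module name `nvidia` are assumptions.

```shell
#!/bin/sh
# Added example: inspect the DKMS module-signing setup under Secure Boot.

# Print the effective value of a framework.conf variable, or DEFAULT when the
# variable is unset, commented out, or the file is missing.
dkms_conf_value() {  # usage: dkms_conf_value CONF KEY DEFAULT
    val=$(sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"'")
    printf '%s\n' "${val:-$3}"
}

# Return 0 only if the private key has no group/other permission bits set.
# Return 2 if the file does not exist, 1 if it is too widely accessible.
key_is_private() {  # usage: key_is_private KEYFILE
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission columns
    [ "$perms" = "------" ]
}

# Report the signing material, its enrollment state and the module signer.
check_dkms_signing() {  # usage: check_dkms_signing [CONF] [MODULE]
    conf=${1:-/etc/dkms/framework.conf}
    mod=${2:-nvidia}                    # assumed module name
    key=$(dkms_conf_value "$conf" mok_signing_key /var/lib/dkms/mok.key)
    cert=$(dkms_conf_value "$conf" mok_certificate /var/lib/dkms/mok.pub)
    echo "signing key: $key"
    echo "certificate: $cert"
    key_is_private "$key" || echo "WARN: $key missing or accessible to group/other"
    if command -v mokutil >/dev/null 2>&1; then
        mokutil --sb-state              # Secure Boot enabled or disabled
        mokutil --test-key "$cert"      # is this certificate enrolled as a MOK?
    else
        echo "WARN: mokutil not installed, cannot test enrollment"
    fi
    # Signer recorded in the module built for the running kernel, if any.
    modinfo -F signer "$mod" 2>/dev/null | sed 's/^/module signer: /'
}
```

Call `check_dkms_signing` as root after the DKMS rebuild; an unenrolled certificate or an empty signer line means the module will be rejected at load time with Secure Boot enabled.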
 