[SOLVED] QUICK HELP How to disable secureboot VM?

[Redicat]

I am getting PCIE ACCES DENIED and DENIED premissions when booting into my VM

My question: How do you disable Secure BOOT IN VM??

https://www.reddit.com/r/Proxmox/comments/qil7qy/unable_to_pxe_boot_uefibased_vms/hjkc58b/

 

[Redicat]

https://www.youtube.com/watch?v=js_Xoa0f8zM

Solved

guys pls react quicker in future bc this issue was really * easy to fix obviously thank you

 

[Neobin]

guys pls react quicker in future bc this issue was really * easy to fix obviously thank you

Seriously?

How about doing a quick google and/or forum search in the future, if you don't want to rely on other people, which help here for free (in their free time)!

 

[Redicat]

Seriously?

How about doing a quick google and/or forum search in the future, if you don't want to rely on other people, which help here for free (in their free time)!

Yeah but it tooks hours "google" isn't always straight forward idek

 

[Redicat]

Seriously?

How about doing a quick google and/or forum search in the future, if you don't want to rely on other people, which help here for free (in their free time)!

Your right ok... i give it to ya, i didn't pay for active subscription (support) lol

 

[Neobin]

Your right ok... i give it to ya, i didn't pay for active subscription (support) lol

This was not the point. Even if you had a subscription, your post was out of the Proxmox staff's business times anyway. So opening a support ticket instead of a forum post, had most likely also not give you a faster answer.

This is an official community forum. It does not matter, if you have a subscription or not.

But in my opinion it is rude to demand on an answer (even more within a short timespan) from other people which, as I said, help here in their free time or in case of the Proxmox staff in their business times, but also for free.

 

[nick.kopas]

Yeah but it tooks hours "google" isn't always straight forward idek

Adding my two cents...

If you had read through the entire thread on reddit I mentioned, you would have found the answer to your question as well as an explanation of the actual root cause. (Enabling Pre-Enroll Keys when creating the EFI partition.)

Working with Proxmox (even as a hobbyist) is complicated and requires a large investment of time. Many of us here have spent countless hours troubleshooting problems. We're all passionate and more than willing to share what we've learned... but your posts seem increasingly unappreciative.

A better approach would've have been to simply post the link to the tutorial video with a brief explanation of how you solved the issue. You figured it out on your own, enjoy the sense of accomplishment and pay it forward. That's how this community works!

 

[Redicat]

Adding my two cents...

If you had read through the entire thread on reddit I mentioned, you would have found the answer to your question as well as an explanation of the actual root cause. (Enabling Pre-Enroll Keys when creating the EFI partition.)

Working with Proxmox (even as a hobbyist) is complicated and requires a large investment of time. Many of us here have spent countless hours troubleshooting problems. We're all passionate and more than willing to share what we've learned... but your posts seem increasingly unappreciative.

M8 no "
actual root cause. (Enabling Pre-Enroll Keys when creating the EFI partition.)" nope it's secureboot ESC+EUFIBIOS+DISABLE_SECURE_BOOT... easy as f* to just tell me to ESC but it took like 7+ hours for a reply with "seriously" ... sorry.... not enough. it's not "unappreciative" i am just being ignored and people are disintrested in the thread by purpose.

nope reading reddit wouldn't solved the issue for me imo and other people wouldn't know so it's like stupid to assume people cared.

The fact @Neobin ignored the problem and blindingly liking your post on purpose and pure hate tells me enough instead of just helping me :/

 

[Redicat]

This was not the point. Even if you had a subscription, your post was out of the Proxmox staff's business times anyway. So opening a support ticket instead of a forum post, had most likely also not give you a faster answer.

This is an official community forum. It does not matter, if you have a subscription or not.

But in my opinion it is rude to demand on an answer (even more within a short timespan) from other people which, as I said, help here in their free time or in case of the Proxmox staff in their business times, but also for free.

Short timespan... it's like 8 hours... lol 8 hours "short" and for "seriously" instead of just helping me you just find excuses......

 

[Neobin]

M8 no "
actual root cause. (Enabling Pre-Enroll Keys when creating the EFI partition.)" nope it's secureboot ESC+EUFIBIOS+DISABLE_SECURE_BOOT... easy as f* to just tell me to ESC but it took like 7+ hours for a reply with "seriously" ... sorry.... not enough. it's not "unappreciative" i am just being ignored and people are disintrested in the thread by purpose.

nope reading reddit wouldn't solved the issue for me imo and other people wouldn't know so it's like stupid to assume people cared.

The fact @Neobin ignored the problem and blindingly liking your post on purpose and pure hate tells me enough instead of just helping me :/

Short timespan... it's like 8 hours... lol 8 hours "short" and for "seriously" instead of just helping me you just find excuses......

If you are expecting/needing guaranteed personal 24/7/365 support within minutes, this is the wrong place here.
For this you have to find a support service provider who can offer this and pay him for this.
Now I have played the money-card!

Good luck...

 

[somehume]

Adding my two cents...

If you had read through the entire thread on reddit I mentioned, you would have found the answer to your question as well as an explanation of the actual root cause. (Enabling Pre-Enroll Keys when creating the EFI partition.)

Working with Proxmox (even as a hobbyist) is complicated and requires a large investment of time. Many of us here have spent countless hours troubleshooting problems. We're all passionate and more than willing to share what we've learned... but your posts seem increasingly unappreciative.

A better approach would've have been to simply post the link to the tutorial video with a brief explanation of how you solved the issue. You figured it out on your own, enjoy the sense of accomplishment and pay it forward. That's how this community works!

Thanks for that Reddit link!

 

[Gorian]

Seriously?

How about doing a quick google and/or forum search in the future, if you don't want to rely on other people, which help here for free (in their free time)!

Necro-post, but FYI, this thread was my top result when I googled "proxmox disable secure boot". Replying in forums "just use google/just search" poisons the searching results for everyone else in the future

 

[Neobin]

Necro-post, but FYI, this thread was my top result when I googled "proxmox disable secure boot". Replying in forums "just use google/just search" poisons the searching results for everyone else in the future

You absolutely missed my/the point here.

But yeah; before more people waste their time complaining instead of simply clicking on a second search result, here you go:

Post in thread 'Home Assistant VM unable to boot'

Oct 25, 2023

Try disabling secure boot:
At the start of the VM press ESC (several times) to get into the UEFI, there: "Device Management" -> "Secure Boot Configuration" -> "Attempt Secure Boot" -> Uncheck it (remove the: "X") -> Go back to the main menu by pressing ESC multiple times -> "Reset".

• Neobin

 

[Gorian]

before more people waste their time complaining instead of simply clicking on a second search result

Oh no, don't mistake me here - I did both. I provided edification on how we should respond positively to forum posts as they are likely to show in the same search results you told them to use, in the future and I simply clicked on subsequent search results to find the answer. Isn't it great how humans are so versatile and can do more than one thing?

 

[etegration]

https://www.youtube.com/watch?v=js_Xoa0f8zM

Solved

guys pls react quicker in future bc this issue was really * easy to fix obviously thank you

what an as*s

 

[shodan]

Hello,

Yes this thread is google top link for

proxmox how to disable secure boot

along with

N

[SOLVED] Thread 'Disabling Secure Boot for VM'

Apr 11, 2023

Is there a way to disable secure on the VM so it will boot UEFI mode?
Tried doing that while the VM starts up, no response to ESC key...seems the m2.nvme is too fast...
I am installing pfSense. One second makes it impossible unless I can make the change to the VM before it boots.

• Nollimox
• Replies: 4
• Forum: Proxmox VE: Installation and configuration

Anyone that install nvidia drivers in their passthrough VM
and who chose the OVMF bios (and checked pre-enroll keys)
Will find themselves staring at a console instead of their login manager
since the nvidia driver will fail to load

Now we have the instruction from Neobin to go in the bios

At the start of the VM press ESC (several times) to get into the UEFI, there: "Device Management" -> "Secure Boot Configuration" -> "Attempt Secure Boot" -> Uncheck it (remove the: "X") -> Go back to the main menu by pressing ESC multiple times -> "Reset".

I confirm this will resolve your problem

Now I would like to know, do we have a command oneliner to perform this change for a VM from the proxmox console ?

Where is this setting actually stored ?

Here is my actual vm.conf

agent: 1
audio0: device=ich9-intel-hda,driver=none
bios: ovmf
boot: order=scsi0;ide2;net0
cores: 16
cpu: host
efidisk0: local-lvm:vm-118-disk-0,efitype=4m,pre-enrolled-keys=1,size=4M
ide2: lvm-iso:iso/debian-12.11.0-amd64-DVD-1.iso,media=cdrom,size=3760M
machine: q35
memory: 24000
meta: creation-qemu=9.2.0,ctime=1754305242
name: debian
net0: virtio=BC:24:11:26:41:1C,bridge=vmbr0,firewall=1
numa: 0
ostype: l26
scsi0: local-lvm:vm-118-disk-1,iothread=1,size=32G
scsihw: virtio-scsi-single
smbios1: uuid=f1efd63a-ce36-4ad4-ba11-d7a3e921e9b9
sockets: 1
usb0: host=36b0:3002
usb1: host=046d:c548
vga: none
vmgenid: 90c699e1-836c-463d-af0c-180570625d5c
hostpci0: 0000:0f:00,pcie=1,romfile=Lenovo.RTX3060.unknown.version.rom
agent: 1

From the web interface, this line cannot be touched

efidisk0: local-lvm:vm-118-disk-0,efitype=4m,pre-enrolled-keys=1,size=4M

Could it be set to pre-enrolled-keys=0 ? Would that be enough ? What about adding the nvidia keys or keys for whatever modification you just made ?


I think "attempt to secure boot" setting should be something you can toggle in both the web interface and the vm.conf, something clearly labelled "[ ] Enable Secure Boot" so that anyone who figured out that this is their problem doesn't have to search forums to find the solution.

(Does wiping EFIDISK0 and re-creating it without pre-enroll keys also wipe the bootloader ?)