Thank you
@fiona
I think that might be the issue I'm having, which would also affect all HP EliteDesk 800 G1's
Any guidance on how to test it?
This is what I did for now to be able to have Secure Boot enabled:
1) Installed PBS from scratch using the latest ISO.
2) After the installation and BEFORE updating it, I mounted the boot partition with: mount /dev/sda2 /mnt/boot
3) Made a tar with all the files in /mnt/boot/EFI/proxmox
4) Restored the backup of my previous PBS and then booted it with Secure Boot disabled
5) Mounted the boot partition again with: mount /dev/sda2 /mnt/boot
6) Extracted the tar to /mnt/boot/EFI/custom-boot
7) And finally, used this command: efibootmgr --unicode --disk /dev/sda --part 2 --create --label "custom-boot" --loader "\\EFI\\custom-boot\\shimx64.efi"
After that I just enabled secure boot and it worked fine.
However this is not ideal since that shim is signed with the 2011 keys.
I downloaded this
https://sources.debian.org/src/shim-signed/1.51/shimx64.efi.signed.MS-2023 and copied it as /mnt/boot/EFI/custom-boot/shimx64.efi but it didn't work. It showed a Security Policy Violation message in the blue MokManager screen.