Temporarily Installing TrueNAS 13 on Proxmox 7.3 to overcome SecureBoot issues

I

ihr

Member
Dec 25, 2022
39
5
13
Hello and thank you for your attention reading this thread!

A couple of days ago I purchased new hardware to install TrueNAS (in order to provide a separate NAS storage to Proxmox), but later I discovered TrueNAS couldn't be installed on the new hardware. The entire problem is described here but the short description is that the motherboard comes with AMI BIOS version 1620 that does not allow me to disable SecureBoot.

So, as a temporary solution, I'm planning to:
1) Install Proxmox on that hardware (the computer has 6 hard drives, of which 2 of them are SSD for a mirror of the OP system and 4 of them are for the NAS).
2) Install a single VM with TrueNAS 13.
3) Configure disk passthrough so the 4 hard drives are provided to the VM only.

And serve NFS from that VM.

Although the solution might just "work", it is less than efficient because I know the available memory for TrueNAS will not be all the memory available in the server and other stuff. It is just a temporary solution.

The important question is: Once TrueNAS provides support for SecureBoot, Could I reinstall TrueNAS on the bare metal AND mount the existing NAS drives onto the new installation of TrueNAS?. I know TrueNAS has an option to backup the configuration and load into a new server AND to import an existing pool, in case the backup/restore fails because of the passthrough.

Do you think this will NOT be possible?
 
@Dunuin Thank you for jumping in.

Proxmox installer works on the same hardware TrueNAS installer does not work. I already tested this step because the PC is empty.
Proxmox installation instructions https://www.proxmox.com/en/proxmox-ve/get-started doesn’t requires SecureBoot to be disabled.
Proxmox is based on Debian, and Debian supports SecureBoot. TrueNAS is based on FreeBSD and FreeBSD does not support SecureBoot.

So, I’m confident the installation is not an issue.
 
At least not when using the PVE ISO. See here a post of a Proxmox staff member 3 months ago: https://forum.proxmox.com/threads/proxmox-ve-install-failure.116700/post-505054
Are you sure you disabled Secure boot? Asking as you wrote about the laptop being locked? The CentOS, Ubuntu or Debian ISOs are signed with Microsoft's UEFI secure boot key that's backed-in in most HW sold, the Proxmox VE ISOs (currently) are not signed with that. We plan to apply for this via the rh-shim sometime next year.

For now, I'd recommend installing Proxmox VE on top of plain Debian:
https://pve.proxmox.com/wiki/Install_Proxmox_VE_on_Debian_11_Bullseye
Click to expand...
 
Hi @Dunuin

The previous message in the thread you point
Thanks for the reply. I did try out both the DD and ISO mode on Rufus but failed. I also tried using VENTOY but the PC complained about security when I used VENTOY. I tried both the PVE 7.0 an d7.1. Same issues but I can install Ubuntu and Centos on the PC.
Click to expand...

The user tested versions 7.0 and 7.1 (three months ago). But it worked well for me with version 7.3
 
as per the linked thread, it seems more likely to me that your bios simply destroys the truenas installer when "repairing" your usb stick. PVE does not support secure boot (yet), either in the installer or at runtime. you can test this using your PVE install by setting up a VM with UEFI+TPM with pre-enrolled keys ;)
 
Hmmm, well, In BIOS, I configured Secure Boot as follows:
IMG_0151 Mediano.jpeg

And under this configuration I could install PVE 7.3 (and recently I could install TrueNAS SCALE) both are based on Debian. But I couldn't install TrueNAS CORE that is based on FreeBSD.

This is not disabling SecureBoot, and there is no option to "disable" it on my BIOS
 
like I said, PVE doesn't setup anything with regards to secureboot at the moment, so those settings must mean that your system allows booting unsigned binaries, in which case, that should also not block the truenas installer from booting.. if it only prints the GPT repair message when you attempt to boot the truenas installer, then something else might be amiss with it or your bios or the combination (and maybe there are alternative ways to install it?)
 
@fabian Yes, the BIOS prints the GPT repair message before loading the EFI filesystem from the USB (I tested also flashing 2 different USBs and one magnetic Hard Drive) and later I explored the "changes" and documented the results here:

Can't install TrueNAS 13 U3.1

I made screen captures and detailed outputs of the commands to explore the GPT partition before and after the repair process. I concluded that there was no change at all so I discarded that line of investigation. In any case, I agree with you, if the message popped up once and does not longer pops up. Something shall be changed in the GPT partition and that something I couldn't capture with the tools I tested.
 
You must log in or register to reply here.
Top Bottom