VE 8.2, secure boot violation (+)

[user127]

According to docs the secure boot is supported (starting from 8.1). But I am getting secure boot violation error for MSI Cubi N ADL (N200) nettop with factory default secure boot settings. The installation media (USB flash drive) is created using rufus 4.5p (as suggested by the same docs) in DD mode (at least the corresponding warning is observed after choosing VE's ISO file).
Any advise?
Thanks.

 

[fabian]

could you post the full error? and maybe a picture of the secure boot options in the UEFI firmware setup screen?

 

[user127]

could you post the full error? and maybe a picture of the secure boot options in the UEFI firmware setup screen?

"Verifying shim SBAT data failed: Security Policy Violation
Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation"

Default UEFI secure setup is laconic:

Spoiler

Some signatures (from initial state of the custom mode):

Spoiler

 

[fabian]

that looks okay.. could you try "Delete all Secure Boot variables"? if that doesn't work, can you try disabling secure boot, installing, upgrading (ensure proper repositories are configured), and then install "proxmox-secure-boot-support" and re-enable secure boot?

 

[user127]

that looks okay.. could you try "Delete all Secure Boot variables"? if that doesn't work, can you try disabling secure boot, installing, upgrading (ensure proper repositories are configured), and then install "proxmox-secure-boot-support" and re-enable secure boot?

"Delete all Secure Boot variables" does not help. After installation with disabled secure boot the system is loaded with no errors even if the secure boot is enabled and "proxmox-secure-boot-support" is not installed. So it seems the problem is related with installation media.
Thanks.

 

[rtorres]

"Delete all Secure Boot variables" does not help. After installation with disabled secure boot the system is loaded with no errors even if the secure boot is enabled and "proxmox-secure-boot-support" is not installed. So it seems the problem is related with installation media.
Thanks.

Have you tried installing the proxmox-secure-boot-support?

I’d like for us to give Fabian as much info as we can to get this fixed.

I’m having the same issue as you are and need to manually enroll keys/SHIM + MOK before I can enable secure boot. I can’t run that install as mine is already fixed

 

[fabian]

"Delete all Secure Boot variables" does not help. After installation with disabled secure boot the system is loaded with no errors even if the secure boot is enabled and "proxmox-secure-boot-support" is not installed. So it seems the problem is related with installation media.
Thanks.

did you upgrade before enabling secure boot? if so, that is to be expected (the issue is that the newer shim forbids loading the older shim, and that policy remains in place even when you attempt to reinstall, and the ISO still comes with the older shim). installing proxmox-secure-boot just ensures the secure boot packages remain installed, please install it anyway to ensure you don't run into problems down the line!

 

[user127]

did you upgrade before enabling secure boot? if so, that is to be expected (the issue is that the newer shim forbids loading the older shim, and that policy remains in place even when you attempt to reinstall, and the ISO still comes with the older shim). installing proxmox-secure-boot just ensures the secure boot packages remain installed, please install it anyway to ensure you don't run into problems down the line!

Yep, I had upgraded before enabling.
Thanks.