The following packages need to be installed for Secure Boot to be enabled:
-- shim-signed (shim bootloader signed by Microsoft)
-- shim-helpers-amd64-signed (fallback bootloader and MOKManager, signed by Proxmox)
-- grub-efi-amd64-signed (Grub EFI bootloader, signed by Proxmox)
-- proxmox-kernel-6.X.Y-Z-pve-signed (Kernel image, signed by Proxmox)
+- `shim-signed` (shim bootloader signed by Microsoft)
+- `shim-helpers-amd64-signed` (fallback bootloader and MOKManager, signed by
+ Proxmox)
+- `grub-efi-amd64-signed` (Grub EFI bootloader, signed by Proxmox)
+- `proxmox-kernel-6.X.Y-Z-pve-signed` (Kernel image, signed by Proxmox)
Only Grub as bootloader is supported out of the box, since there are no other
pre-signed bootloader packages available. Any new installation of {pve} will
# findmnt /
----
-If the host is indeed running using ZFS as root filesystem, the `FSTYPE` column
+If the host is indeed using ZFS as root filesystem, the `FSTYPE` column
should contain `zfs`:
----
TARGET SOURCE FSTYPE OPTIONS
NOTE: Some UEFI firmwares are known to drop the `proxmox` boot option on reboot.
This can happen if the `proxmox` boot entry is pointing to a Grub installation
-on a disk, where the disk itself not a boot option. If possible, try adding the
-disk as a boot option in the UEFI firmware setup utility and run
+on a disk, where the disk itself is not a boot option. If possible, try adding
+the disk as a boot option in the UEFI firmware setup utility and run
`proxmox-boot-tool` again.
TIP: To enroll custom keys, see the accompanying