From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 832EC9ECE8 for ; Tue, 28 Nov 2023 14:56:40 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 63D4517D71 for ; Tue, 28 Nov 2023 14:56:40 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 28 Nov 2023 14:56:39 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 9818D41016 for ; Tue, 28 Nov 2023 14:56:39 +0100 (CET) From: Alexander Zeidler To: pve-devel@lists.proxmox.com Date: Tue, 28 Nov 2023 14:56:28 +0100 Message-Id: <20231128135629.123748-1-a.zeidler@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.067 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH docs 1/2] secure boot: fix typos, add inline code formatting X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Nov 2023 13:56:40 -0000 Signed-off-by: Alexander Zeidler --- system-booting.adoc | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/system-booting.adoc b/system-booting.adoc index c8761a4..af56225 100644 --- a/system-booting.adoc +++ b/system-booting.adoc @@ -380,10 +380,11 @@ and integration in `proxmox-boot-tool`. The following packages need to be installed for Secure Boot to be enabled: -- shim-signed (shim bootloader signed by Microsoft) -- shim-helpers-amd64-signed (fallback bootloader and MOKManager, signed by Proxmox) -- grub-efi-amd64-signed (Grub EFI bootloader, signed by Proxmox) -- proxmox-kernel-6.X.Y-Z-pve-signed (Kernel image, signed by Proxmox) +- `shim-signed` (shim bootloader signed by Microsoft) +- `shim-helpers-amd64-signed` (fallback bootloader and MOKManager, signed by + Proxmox) +- `grub-efi-amd64-signed` (Grub EFI bootloader, signed by Proxmox) +- `proxmox-kernel-6.X.Y-Z-pve-signed` (Kernel image, signed by Proxmox) Only Grub as bootloader is supported out of the box, since there are no other pre-signed bootloader packages available. Any new installation of {pve} will @@ -419,7 +420,7 @@ To check the latter, run: # findmnt / ---- -If the host is indeed running using ZFS as root filesystem, the `FSTYPE` column +If the host is indeed using ZFS as root filesystem, the `FSTYPE` column should contain `zfs`: ---- TARGET SOURCE FSTYPE OPTIONS @@ -485,8 +486,8 @@ can try adding it manually (if supported by the firmware), by adding the file NOTE: Some UEFI firmwares are known to drop the `proxmox` boot option on reboot. This can happen if the `proxmox` boot entry is pointing to a Grub installation -on a disk, where the disk itself not a boot option. If possible, try adding the -disk as a boot option in the UEFI firmware setup utility and run +on a disk, where the disk itself is not a boot option. If possible, try adding +the disk as a boot option in the UEFI firmware setup utility and run `proxmox-boot-tool` again. TIP: To enroll custom keys, see the accompanying -- 2.39.2