From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 31BE51FF37F for ; Thu, 18 Apr 2024 16:25:48 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 4382E1E62E; Thu, 18 Apr 2024 16:25:48 +0200 (CEST) From: Stoiko Ivanov To: pve-devel@lists.proxmox.com Date: Thu, 18 Apr 2024 16:24:58 +0200 Message-Id: <20240418142458.2318174-1-s.ivanov@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.076 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH docs] secure boot: mention proxmox-secure-boot-support metapackage X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Signed-off-by: Stoiko Ivanov --- Just had the opportunity to try this on a testsystem - it worked flawlessly :) I did consider dropping the explicit list of packages and replace it by the metapackage only, but think that the additional explanation of how they interact is worth keeping. system-booting.adoc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/system-booting.adoc b/system-booting.adoc index 9603fc0..3847354 100644 --- a/system-booting.adoc +++ b/system-booting.adoc @@ -378,7 +378,8 @@ Secure Boot Since {pve} 8.1, Secure Boot is supported out of the box via signed packages and integration in `proxmox-boot-tool`. -The following packages need to be installed for Secure Boot to be enabled: +The following packages needed for Secure Boot to work, are installed as +dependency of `proxmox-secure-boot-support`: - `shim-signed` (shim bootloader signed by Microsoft) - `shim-helpers-amd64-signed` (fallback bootloader and MOKManager, signed by @@ -404,9 +405,9 @@ well-tested backup of your {pve} host!** An existing UEFI installation can be switched over to Secure Boot if desired, without having to reinstall {pve} from scratch. -First, ensure all your system is up-to-date. Next, install all the required -pre-signed packages as listed above. GRUB automatically creates the needed EFI -boot entry for booting via the default shim. +First, ensure all your system is up-to-date. Next, install +`proxmox-secure-boot-support`. GRUB automatically creates the needed EFI boot +entry for booting via the default shim. .systemd-boot -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel