From 3c55e416caef414fa6c1862fc383a06faa464d57 Mon Sep 17 00:00:00 2001 From: Alexander Zeidler Date: Tue, 28 Nov 2023 14:35:08 +0100 Subject: [PATCH] docs: add further secure boot information, as in pve-docs Signed-off-by: Alexander Zeidler --- docs/system-booting.rst | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/system-booting.rst b/docs/system-booting.rst index 2803212e..bef0dec7 100644 --- a/docs/system-booting.rst +++ b/docs/system-booting.rst @@ -8,8 +8,9 @@ Host Bootloader selected in the installer. For EFI Systems installed with ZFS as the root filesystem ``systemd-boot`` is -used. All other deployments use the standard ``grub`` bootloader (this usually -also applies to systems which are installed on top of Debian). +used, unless Secure Boot is enabled. All other deployments use the standard +``grub`` bootloader (this usually also applies to systems which are installed +on top of Debian). .. _systembooting-installer-part-scheme: @@ -30,9 +31,10 @@ The created partitions are: remaining space available for the chosen storage type Systems using ZFS as a root filesystem are booted with a kernel and initrd image -stored on the 512 MB EFI System Partition. For legacy BIOS systems, ``grub`` is -used, for EFI systems ``systemd-boot`` is used. Both are installed and configured -to point to the ESPs. +stored on the 512 MB EFI System Partition. For legacy BIOS systems, and EFI +systems with Secure Boot enabled, ``grub`` is used, for EFI systems without +Secure Boot, ``systemd-boot`` is used. Both are installed and configured to +point to the ESPs. ``grub`` in BIOS mode (``--target i386-pc``) is installed onto the BIOS Boot Partition of all selected disks on all systems booted with ``grub`` (that is, @@ -102,6 +104,15 @@ Proxmox Backup's kernel update synchronization mechanism, use the following: # proxmox-boot-tool init /dev/sda2 +or + +.. code-block:: console + + # proxmox-boot-tool init /dev/sda2 grub + +to force initialization with Grub instead of systemd-boot, for example for +Secure Boot support. + Following this, `/etc/kernel/proxmox-boot-uuids`` should contain a new line with the UUID of the newly added partition. The ``init`` command will also automatically trigger a refresh of all configured ESPs.