wvthoog
commented
4 months ago Thanks for this information. My server does not have secure boot enabled. Since i can't check all different other users might have, this input is highly appreciated. Will incorporate that into the script. Another user also noticed that i needed to offer to installed the -signed version of the Proxmox kernel
Serpentiel
Currently, driver installation will fail if the Proxmox VE host has Secure Boot enabled.
Secure Boot enforces having the kernel modules signed by the private key that corresponds to the MOK-enrolled public key.
To avoid the problem, the driver installer should be called with the following arguments:
I suggest that the script starts checking whether Secure Boot is enabled or not, and if it's enabled, it should generate a keypair and enroll the public key using MOK. The driver installation should then be continued normally after a reboot.
Before reboot happens, the script should inform the user that they will have a UEFI-prompt to permit the enrollment of the key before the machine proceeds to the bootloader, and that there is a timeout to do that. It also requires manual input from keyboard, or via iDRAC or some other KVM. Otherwise, enrollment won't be successful, thus the script should also check if the key is enrolled successfully via the MOK utility once the machine finishes booting.