superadmin29
Cadet
- Joined
- Jan 23, 2023
- Messages
- 5
Hey y'all. Let me preface this with saying I know that the installation instructions mention to turn off secure boot (SB), however security is important to me so I tried to dig a bit deeper.
While the outcome is unclear to me, it seems that the user ihr in this post may have been able to install with SB using SCALE since it is Debian based? When I attempted to install TrueNas SCALE on my Dell PowerEdge R540, I was greeted with as can be expected with secure boot issues. I am very much a n00b when it comes to SB, but based on some internet searching I think I understand the basics of how SB operates. Debain, while late to the SB party in comparison to other distros has supported SB since Buster. My understanding is that the shim binary is signed by Microsoft, which should be accepted on all hosts. From there, the shim executable can essentially bootstrap other signed distro specific executables to continue boot from there. So that leads to my ultimate question of "why doesn't secure boot work?" The only thing I can think of is that I need to install Machine Owner Keys (MOKs) because TrueNas somehow hasn't included it's keys with shim, or that iX Systems hasn't signed anything and that is why. When trying to validate this, I think the file should be signed but I don't know enough about secure boot to be certain. Regardless, it does not appear to be signed.
That being the case, is this as easy as importing a MOK or would I have to sign the installer myself and also import a MOK? If the latter, is it even reasonable to self sign TrueNAS or is it a way bigger task/headache then my readings have led on?
While the outcome is unclear to me, it seems that the user ihr in this post may have been able to install with SB using SCALE since it is Debian based? When I attempted to install TrueNas SCALE on my Dell PowerEdge R540, I was greeted with
Code:
error: bad shim signature.
Code:
vmlinuz
That being the case, is this as easy as importing a MOK or would I have to sign the installer myself and also import a MOK? If the latter, is it even reasonable to self sign TrueNAS or is it a way bigger task/headache then my readings have led on?