Secure Boot keys are not enrolled automatically
Bug Report
Description
Following from https://github.com/siderolabs/talos/issues/7828, I managed to figure out how to install Talos successfully.
I was using Ventoy, but had to use a dedicated USB stick instead. I imagine this is because Talos got confused and thought the keys were already enrolled, when they weren't. I started again, and noticed the option to enroll keys which was set to 'auto'. I continued with the installation, but secure boot was not enabled when Talos rebooted. Instead, I had to start again (again) and enroll the keys manually, which then worked.
https://www.talos.dev/v1.5/talos-guides/install/bare-metal-platforms/secureboot/
Logs
Environment
- Talos version: v1.6.0-alpha.0-66-g336aee0fd
- Kubernetes version: N/A
- Platform:
This will be an issue with your UEFI firmware and systemd-boot. It works fine on UEFI firmwares we tested with. Manual enrollment is always an option though.
I don't know. I am using a Z790-P, which is not rare or from a non-reputable manufacturer.
@uhthomas I have ASUS Z690, and even after pressing this button I'm still getting SecureBoot: False
How did you manage to fix it?
@maxpain secure boot on these motherboards is really painful. They often will not actually do what you tell them to do.
Make sure to go to your BIOS and then Boot > Secure Boot. Select Windows UEFI and do not use the default keys. It should say it's in setup mode eventually. It may take a few restarts for it to actually work.
@uhthomas Hmm, my current mode is "Other OS." I didn't know that I actually needed "Windows UEFI".
@maxpain Yeah, it's really silly. If you read the documentation then "Other OS" actually means "Disable Secure Boot".
This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 7 days.
This issue was closed because it has been stalled for 7 days with no activity.
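To confirm what the firmware actually reports after the BIOS changes discussed in this thread, the following added example (not part of the original issue or of the Talos project) reads the standard UEFI `SecureBoot` and `SetupMode` variables from efivarfs on any Linux system booted in UEFI mode. The function names and the `make_sample_var` helper are hypothetical, and the sample variable files it writes are constructed.

```shell
#!/bin/sh
# Added example: report the firmware Secure Boot state from efivarfs.
# EFI_GLOBAL is the UEFI global-variable GUID used for SecureBoot/SetupMode.
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# An efivarfs file is 4 bytes of attributes followed by the variable data.
# SecureBoot and SetupMode each carry one data byte (0 or 1), so read byte 5.
efi_byte() {  # $1 = efivars directory, $2 = variable name
  f="$1/$2-$EFI_GLOBAL"
  [ -r "$f" ] || return 1
  od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# Prints one of: no-efivars | setup-mode | enforcing | disabled | unknown
#   setup-mode : no Platform Key enrolled, keys can still be enrolled
#   enforcing  : keys enrolled and Secure Boot active
#   disabled   : keys enrolled, but the firmware is not enforcing them
sb_state() {
  dir="${1:-/sys/firmware/efi/efivars}"
  [ -d "$dir" ] || { echo no-efivars; return 0; }
  sb=$(efi_byte "$dir" SecureBoot) || sb=""
  setup=$(efi_byte "$dir" SetupMode) || setup=""
  if [ "$setup" = 1 ]; then echo setup-mode
  elif [ "$sb" = 1 ]; then echo enforcing
  elif [ "$sb" = 0 ]; then echo disabled
  else echo unknown
  fi
}

# Hypothetical helper: write a constructed variable file for offline testing.
# Attributes 0x00000006 (boot-service + runtime access), then the value byte.
make_sample_var() {  # $1 = directory, $2 = variable name, $3 = 0 or 1
  { printf '\006\000\000\000'; printf "\\00$3"; } > "$1/$2-$EFI_GLOBAL"
}

# With no argument, report the state of the machine this runs on.
sb_state "$@"
```

A result of `disabled` after installation matches the `SecureBoot: False` symptom reported above: the firmware holds keys but is not enforcing them, so automatic enrollment has nothing to do until the firmware is returned to setup mode.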