Secure Boot Install fails with Specific Node

Open TheoBassaw opened this issue 1 year ago • 5 comments

Bug Report

Description

I have been trying to deploy Talos v1.8.0 (and v1.7.6 previously) on a couple of mini PCs for a test cluster. The hardware is two Lenovo M910x and an HP ProDesk 600 G2 Mini, running the latest BIOS updates. Installation on the Lenovo machines was easy enough: I enrolled the keys and enabled TPM encryption following the Secure Boot docs. The HP Mini is the one with the problem.

  1. Burned the Secure Boot ISO via dd onto a USB drive and tried to boot it on the HP Mini, but it doesn't see it.
  2. As an alternative, loaded the ISO via Ventoy. It booted and enrolled the keys.
  3. Went through the installation and enabled TPM encryption of both the State and Ephemeral partitions. The machine proceeds to reboot.
  4. The machine reboots into a Secure Boot Violation screen. As a quick test, disabling Secure Boot allows the machine to boot. Re-enabling Secure Boot brings back the Violation screen.
  5. Re-enrolling the keys allows it to boot, but the State and Ephemeral partitions can't unlock due to a Seal Policy mismatch. (I'm confused why I need to re-enroll the keys at all. It's as if they disappeared.)

This is where I am.

Logs

I can't obtain logs since it can't fully boot until the partitions are unlocked. I can take camera pics if you are fine with that.

talosctl dmesg --talosconfig=./talosconfig --nodes 10.20.30.5
1 error occurred:
 rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: dial tcp 10.20.30.5:50000: connect: connection refused"

Environment

  • Talos version: v1.8.0
  • Kubernetes version: v1.31.0
  • Platform: metal

TheoBassaw avatar Sep 24 '24 16:09 TheoBassaw
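The "Seal Policy mismatch" in step 5 is what a TPM-sealed disk key looks like when the PCR values at boot no longer match the values the key was sealed against. Secure Boot policy is measured into PCR 7 (SecureBoot state, PK, KEK, db, dbx, and the db entry that authorized each loaded binary), so re-enrolling keys, booting through a different loader such as Ventoy's shim, or toggling Secure Boot all change PCR 7. The script below is an added illustration, not code from the issue or from Talos: it replays the PCR extend chain over a constructed, simplified event list and shows that a key sealed against one PCR 7 value cannot be released once the db measurement changes. The event descriptions and measured byte strings are invented for the demo, the SHA-256 bank is assumed, and which PCRs Talos's seal policy actually binds is an assumption you should confirm against the Talos Secure Boot docs.

```python
import hashlib

# Every SHA-256 PCR starts as 32 zero bytes before the first extend.
INITIAL_PCR = bytes(32)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, event_digest: bytes) -> bytes:
    """TPM2_PCR_Extend for one event in the SHA-256 bank: new = H(old || digest)."""
    return sha256(pcr + event_digest)


def replay_pcr(events) -> bytes:
    """Replay a list of (description, measured_bytes) events into a PCR value,
    the same way tpm2_eventlog/systemd-pcrlock reconstruct a PCR from the TCG log."""
    pcr = INITIAL_PCR
    for _description, measured in events:
        pcr = pcr_extend(pcr, sha256(measured))
    return pcr


def secure_boot_events(db_contents: bytes, authority_entry: bytes):
    """Constructed, simplified PCR 7 event sequence for one boot (not a real log).
    Firmware measures the Secure Boot variables, a separator, then the db entry
    that authorized the loaded image (EV_EFI_VARIABLE_AUTHORITY)."""
    return [
        ("EV_EFI_VARIABLE_DRIVER_CONFIG SecureBoot", b"SecureBoot=1"),
        ("EV_EFI_VARIABLE_DRIVER_CONFIG PK", b"PK=owner-platform-cert"),
        ("EV_EFI_VARIABLE_DRIVER_CONFIG KEK", b"KEK=owner-kek-cert"),
        ("EV_EFI_VARIABLE_DRIVER_CONFIG db", db_contents),
        ("EV_EFI_VARIABLE_DRIVER_CONFIG dbx", b"dbx=empty"),
        ("EV_SEPARATOR", b"\x00\x00\x00\x00"),
        ("EV_EFI_VARIABLE_AUTHORITY db", authority_entry),
    ]


# Constructed values standing in for the real certificate blobs.
FIRST_ENROLLMENT_DB = b"db=talos-signing-cert"
AUTHORITY = b"db=talos-signing-cert"
# Re-enrolling writes the db variable again; in practice the authenticated
# variable payload (timestamp, signature) differs even for the same cert.
REENROLLED_DB = b"db=talos-signing-cert;enrolled=2"


def seal_to_pcr7(events) -> bytes:
    """Model of sealing: record the PCR 7 value the key is bound to."""
    return replay_pcr(events)


def can_unseal(sealed_pcr7: bytes, current_events) -> bool:
    """A PCR policy only satisfies if the replayed current PCR equals the sealed one."""
    return replay_pcr(current_events) == sealed_pcr7


def demo() -> dict:
    sealed = seal_to_pcr7(secure_boot_events(FIRST_ENROLLMENT_DB, AUTHORITY))
    return {
        # Same keys, same loader: the policy matches and the disk unlocks.
        "same_boot": can_unseal(sealed, secure_boot_events(FIRST_ENROLLMENT_DB, AUTHORITY)),
        # Keys re-enrolled: db measurement changed, so PCR 7 changed -> mismatch.
        "after_reenroll": can_unseal(sealed, secure_boot_events(REENROLLED_DB, AUTHORITY)),
        # Secure Boot disabled: the SecureBoot=0 measurement alone breaks the policy.
        "secure_boot_off": can_unseal(
            sealed,
            [("EV_EFI_VARIABLE_DRIVER_CONFIG SecureBoot", b"SecureBoot=0")]
            + secure_boot_events(FIRST_ENROLLMENT_DB, AUTHORITY)[1:],
        ),
    }


if __name__ == "__main__":
    for case, unlocked in demo().items():
        print(f"{case}: {'unlocks' if unlocked else 'Seal Policy mismatch'}")
```

On the affected machine, if tpm2-tools is available from a rescue environment, `tpm2_pcrread sha256:7` before and after re-enrolling the keys will show the PCR 7 value changing, and `mokutil --sb-state` confirms whether the firmware actually has Secure Boot enabled at that point. The practical consequence for the sequence in the report is that once the keys are re-enrolled, the State and Ephemeral partitions have to be re-encrypted (or the TPM key re-sealed) against the new PCR values; no boot through the old key set will satisfy the old policy.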