How to Enable Secure Boot - Complete Guide
Question: How do I enable secure boot in Proxmox VMs?
Answer: UEFI with secure boot configuration
What is Secure Boot?
Purpose
Secure boot ensures only signed operating systems can boot. This protects against:
- Boot malware
- Unauthorized OS loading
- Rootkits
Prerequisites
Requirements
- UEFI BIOS (OVMF)
- EFI disk
- Signed boot loader
How to Enable Secure Boot
Step 1: Ensure UEFI
# Check current BIOS
qm config 100 | grep bios
# Enable UEFI if needed
qm set 100 --bios ovmfStep 2: Add EFI Disk
# Create EFI disk
qm set 100 --efidisk0 local:1GStep 3: Enable Secure Boot
# Secure boot (default certificate)
qm set 100 --secureboot 1Alternative: Custom Keys
# Use different PK/KEK/DB
qm set 100 --bios ovmf --secure-boot customHow to Disable Secure Boot
Disable Secure Boot
# Disable secure boot
qm set 100 --secureboot 0How to Verify Secure Boot
Check Status
qm config 100 | grep -i secureOperating Systems Supporting Secure Boot
| OS | Secure Boot Support |
|---|---|
| Windows 10/11 | Yes |
| Ubuntu 20.04+ | Yes |
| Fedora 33+ | Yes |
| Linux 5.4+ | Yes |
Keywords
secureboot uefi security how-to bios