It's a separate one from the Microsoft key [0] and is only selected by virt-fw-vars when using '--distro-keys windows'.
[0]: https://support.microsoft.com/en-au/topic/enterprise-deployment-guidance-for-cve-2023-24932-88b8f034-20b7-4a45-80cb-c6049b0f9967#id0ebbj=overview&id0ebbh=overview&id0ebbf=overview&id0ebbl=table_of_certificates Signed-off-by: Fiona Ebner <[email protected]> --- New in v2. src/PVE/QemuServer/OVMF.pm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/PVE/QemuServer/OVMF.pm b/src/PVE/QemuServer/OVMF.pm index 436edb47..a8317ea6 100644 --- a/src/PVE/QemuServer/OVMF.pm +++ b/src/PVE/QemuServer/OVMF.pm @@ -305,7 +305,16 @@ sub ensure_ms_2023_cert_enrolled { my $efi_vars_path = PVE::QemuServer::QSD::add_fuse_export($qsd_id, $efidisk, 'efidisk0-enroll'); PVE::Tools::run_command( - ['virt-fw-vars', '--inplace', $efi_vars_path, '--distro-keys', 'ms-uefi']); + [ + 'virt-fw-vars', + '--inplace', + $efi_vars_path, + '--distro-keys', + 'ms-uefi', + '--distro-keys', + 'windows', + ], + ); PVE::QemuServer::QSD::remove_fuse_export($qsd_id, 'efidisk0-enroll'); }; my $err = $@; -- 2.47.3 _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
