Am 21.01.26 um 4:44 PM schrieb Fiona Ebner: > Changes in v3: > * drop already applied patches > * squash ui patches > * add additional newline in confirm dialog to better separate subject > from note > * move enrollment to Disk Actions menu > * also suggest and support enrollment for non-Windows guests (Linux > distro shims are also signed with the Microsoft KEK) > * add docs patch > > Changes in v2: > * add patch to also enroll the Windows UEFI CA 2023 > * improve readability of change_drive() function > * ui: add more context to confirmation dialog > * add patch introducing a '2023w' marker so that drives already > enrolled with only the MS 2023 cert can still be detected as needing > enrollment > > Make it possible to enroll via the API and UI by setting the > ms-cert=2023w marker on the EFI disk. > > The previous Microsoft UEFI CA 2011 will expire in June 2026, and the > previous Windows UEFI CA 2011 will expire in October 2026, so there > should be a way to update that can be automated and done while guests > are running. > > pve-manager needs a dependency bump for qemu-server for the API call > to have the desired effect (or the marker will just get set without > actually enrolling).
Ping
