Oh, okay, of course that’s the last thing I want to change. Because I bought the device trusting that Purism provides me with an unchanged and safe boot system. It would of course be an option that comes last.
Maybe I would rather buy another device to use it for Proxmox.
May I ask why it is so complicated and does not work?
Shouldn’t that work out of the box that you can determine your operating system yourself?
I suspect that in order to have a chance that this works you will want to change boot firmware from Pureboot to Coreboot/BIOS. But that procedure should only be undertaken with care!
Do I need a new image of Coreboot from the Internet, or can I do this with the existing pureboot that is already installed?
My understanding is that it downloads the chosen firmware from the internet. You will of course also have to download from the internet the script that allows you to change the choice of firmware in the first place. So, yes, to do this, you will need internet access - and I believe you will need internet access on the computer itself i.e. on the computer whose boot firmware is being changed.
I am not in a position to say that it doesn’t work or that changing to the alternative boot firmware will make it work. Proxmox VE is not something that I have ever used. However that is where I would go with the next troubleshooting step if it were me.
My understanding is: In order for the secure boot firmware (Pureboot) to validate the integrity of all relevant files in the boot file system, it needs to know which files need to be checked in order to make sure that the files have not been tampered with.
By definition
- Pureboot must first be able to interpret the chosen partition table type
- Pureboot must be able to find the boot partition
- Pureboot must be able to interpret the file system on that partition
- All files that need checking must reside on that file system.
… and Pureboot needs to do that before transferring control to any file in the boot file system (hence it can’t rely on any code in the target operating system to help with this process).
So you are free to write your own operating system or to download any random operating system (e.g. Microsoft Windows) and partition the boot disk however you like and use the ExoOFS file system as the boot file system but … Pureboot won’t be able to guarantee that it has checked all relevant files and, worst case, Pureboot won’t be able to do its job at all.
So the implementation choices would be
- Pureboot fails the boot, or
- Pureboot skips what it doesn’t understand and gives a false guarantee of security.
The above description is obviously an extreme scenario. Proxmox VE is, I would guess, in the Linux family and hence could be close to working on the Librem Mini but evidently something is going wrong.
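The two implementation choices listed in the post above can be shown with a small model. This is an added illustration, not part of the thread and not Pureboot's own code. The manifest format (relative path mapped to SHA-256), the function names and the sample file contents are all assumptions made for the example.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_boot(root, manifest, fail_closed=True):
    """Return (boot_allowed, findings) for a boot tree checked against manifest."""
    if not os.path.isdir(root):
        # Models a partition table or file system the verifier cannot interpret.
        return (not fail_closed, ["unreadable boot file system"])
    current = build_manifest(root)
    findings = [f"modified: {p}" for p in manifest
                if p in current and current[p] != manifest[p]]
    findings += [f"missing: {p}" for p in manifest if p not in current]
    unlisted = [f"unlisted: {p}" for p in current if p not in manifest]
    if fail_closed:
        return (not findings and not unlisted, sorted(findings + unlisted))
    # Skip policy: unlisted files are never checked, yet boot is still allowed.
    return (not findings, sorted(findings))

def demo():
    """Run both policies over a constructed boot tree; all file contents are sample data."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in [("vmlinuz", b"kernel-v1"), ("initrd.img", b"initrd-v1")]:
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = build_manifest(root)          # trusted state, recorded once
        clean = verify_boot(root, manifest)
        with open(os.path.join(root, "extra.cfg"), "wb") as f:
            f.write(b"unreviewed boot config")   # file the manifest never covered
        strict = verify_boot(root, manifest, fail_closed=True)
        lenient = verify_boot(root, manifest, fail_closed=False)
        with open(os.path.join(root, "vmlinuz"), "wb") as f:
            f.write(b"kernel-tampered")
        tampered = verify_boot(root, manifest, fail_closed=False)
    return clean, strict, lenient, tampered

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With the skip policy, the unlisted file and the unreadable file system both produce a "boot allowed" result with nothing reported, which is the false guarantee the post describes.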
I tried it with different operating systems, including PureOS, Debian, Manjaro and Fedora. It’s the same everywhere.
I wonder if I made a mistake during the first commissioning with my Librem Key. Maybe I was too hasty and did something wrong.
But thank you very much for the nice support.
I also wrote to Purism’s support.
Apparently there are many people who have successfully installed their own operating system. I want to do that too … at some point.
@irvinewade Do you have instructions for the coreboot option?
You should use the official documentation. Librem Mini - Purism user documentation and click Maintenance.
The counter measures how many times the user and admin PINs have been inputted on the Librem Key.
I found something else there. If I want to mount the fresh USB stick on my Linux system on which Proxmox is located, that doesn’t work, because the Linux kernel I use (a current Debian) cannot read hfsplus.
Maybe that is where the dog is buried, and because of that it doesn’t work with Pureboot?
On the other hand, it is not possible with other ISOs.
edit: hfsplus works on Manjaro. I can open the stick there.
edit:
I think that’s a matter of the boot system.
Modern UEFIs everyone gathers the Proxmox USB boot.
I have achieved a little progress.
I wrote the latest QubesOS with Etcher on a USB3.0 stick again. It booted.
Before that, I had reset everything to factory settings and regenerated my key.
It seems I could now install QubesOS.
But I will continue to try Proxmox.
Another solution would be that I use a Debian as a server for some services. I’ll try that again later.