Hi, I’ve been doing some searching on the forum before asking, but I didn’t find a single topic related to this.
I’m willing to scale up my local IncusOS experimentation into a more production-ready service now. I’m looking for a hosting provider that could allow me to install IncusOS (with TPM 2.0 and Secure Boot if possible). If someone has tips, I’ll be eager to read about them.
Servers located in EU would be best as it’s closer to my users.
We support running with EITHER missing TPM 2.0 or missing Secure Boot.
Missing both is what’s not supported.
Finding a cloud provider that does Secure Boot and lets you either provision your own keys or boot in setup mode would be sufficient.
Same thing if you can find a cloud provider that supports TPM 2.0 (look for any that supports running Windows 11), then you could install on that potentially with disabled Secure Boot support.
I looked at Scaleway, OVHcloud and Hetzner dedicated servers, and only OVHcloud provides TPM2, but only on the enterprise servers (not their cheap KS and SyS brands). Didn’t have a look at Secure Boot, because I honestly didn’t imagine in 2026 some providers didn’t do it.
I guess I’ll have to buy my own server and find people to share a rack at a DC…
I’m doing a test with Hetzner on a dedicated server now.
Basically getting a cheap AMD system that should have a fTPM, then requesting a KVM be attached to the server (free for up to 3 hours) so I can go inspect the BIOS and make sure it’s enabled.
Then the plan is to download a USB operation image of IncusOS and use the rescue environment to dd that onto one of the disks.
I’ve taken some notes and screenshots to add as a tutorial in the IncusOS docs.
Rough instructions are:
- Order server
- Get it into rescue mode (default after setup)
- Request KVM through support
- Download IncusOS image with network config matching that applied to the rescue environment
- Transfer the image to the rescue environment
- Write it to one of the disks
- Reboot the server using the KVM
- Go in BIOS and configure:
  - Boot mode to UEFI
  - Secure Boot enabled
  - Replace existing KEKs with the KEK from the IncusOS drive
  - Load the IncusOS DB entries (you can try wiping the existing DB entries too)
  - Enable the TPM (fTPM)
- Apply settings and reboot
- Enjoy IncusOS running at Hetzner
This was done on purpose on a consumer grade AMD platform to ensure that a fTPM would be available in the chip. The same should be true of modern Intel consumer grade platforms.
Server platforms don’t typically have a fTPM and Hetzner may not have added physical TPMs. For those, follow the instructions above but skip the TPM side of things and get yourself an IncusOS image with a software TPM (option for systems without TPM 2.0).
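As an added example (not part of the posts above and not IncusOS tooling): a preflight check that can be run from a Linux rescue environment to see which of the two requirements discussed in this thread, TPM 2.0 and Secure Boot, the machine currently exposes. The `SYSROOT` override and the verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report whether a Linux host exposes TPM 2.0 and/or Secure Boot.
# Per the thread, having EITHER one is enough; missing both is not supported.
# SYSROOT is a hypothetical override used only to test against a fake sysfs tree.

EFI_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI global variable GUID

# Print the data byte of a boolean EFI variable, or "unknown" if unreadable.
# efivarfs files start with 4 attribute bytes, then the value itself.
efi_bool() {
    f="${SYSROOT:-}/sys/firmware/efi/efivars/$1-${EFI_GUID}"
    [ -r "$f" ] || { echo unknown; return; }
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
    echo
}

# True when the running kernel was booted through UEFI.
uefi_booted() { [ -d "${SYSROOT:-}/sys/firmware/efi" ]; }

# True when the kernel has bound a TPM and reports it as version 2.
tpm2_present() {
    v=$(cat "${SYSROOT:-}/sys/class/tpm/tpm0/tpm_version_major" 2>/dev/null)
    [ "$v" = "2" ]
}

# Echo one verdict: ok-both, ok-tpm-only, ok-secureboot-only or unsupported.
preflight() {
    sb=no; tpm=no
    uefi_booted && [ "$(efi_bool SecureBoot)" = "1" ] && sb=yes
    tpm2_present && tpm=yes
    case "$sb/$tpm" in
        yes/yes) echo ok-both ;;
        no/yes)  echo ok-tpm-only ;;
        yes/no)  echo ok-secureboot-only ;;
        *)       echo unsupported ;;
    esac
}

preflight   # verdict for the system this script is running on
```

A firmware TPM that is still disabled in the BIOS will not appear under `/sys/class/tpm`, and a rescue system booted in legacy mode cannot see the Secure Boot state, so an `unsupported` verdict here means the BIOS needs checking over the KVM, not that the hardware lacks the feature.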
I’m having a shot at Scaleway, but it looks like they require DHCP clients to send a specific DUID to get IPv6 on their dedicated servers. There’s no way to do it in IncusOS currently, right?
After a little review of my WIP installation guide, Scaleway actually lets you grab a /128 via SLAAC, which makes the feature not strictly necessary for the install, but still necessary if you want to use the free /48 they provide you.
Would make sense for IncusOS to have a way to specify the DUID and to also have it request some prefix delegation subnets. So you could configure an interface to request either the whole /48 or a number of /64 and see what you got delegated in the state struct.