[systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?

Lennart Poettering lennart at poettering.net
Mon Jun 5 08:21:46 UTC 2023


On Sa, 27.05.23 08:31, Felix Rubio (felix at kngnt.org) wrote:

> Hi Lennart,
>
> I remember having read some time ago that UKI could pose problems with
> early-boot modules provided by vendors and so on. But... let's give it a try!
> Then, the process should be:
>
> 1. Install a version of shim signed with MS keys.
> 2. Generate the UKI
> 3. Rename the UKI image to grubx64.efi so that it gets picked up by shim
>
> As an aside: the ESP partition is a bit small. Do you think if I introduce
> systemd-boot I could load the UKI being stored from /boot? In that case this
> would be like
>
> 1. Install a version of shim signed with MS keys.
> 2. Install systemd-boot as grubx64.efi so that it gets picked up by shim
> 3. Generate the UKI to /boot/
>
> I will give it a try... and see how it goes.

systemd-boot can look into either ESP or XBOOTLDR for UKIs btw,
precisely to deal with the problems around sizing ESP.

Lennart

--
Lennart Poettering, Berlin
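
An added example (not from the thread or from the systemd project): a Python check that lists the `EFI/Linux/*.efi` images under the ESP and XBOOTLDR mount points and reports whether each one is a UKI carrying `.linux` and `.initrd` sections, i.e. whether the initramfs sits inside the signed PE image. The mount points are supplied by the caller and `fake_pe` builds constructed sample input; the `EFI/Linux/` location and the section names come from the Boot Loader and UKI specifications, not from this message.

```python
import struct
import sys
from pathlib import Path

# Sections that place kernel and initramfs inside the signed PE image (UKI spec).
REQUIRED = {".linux", ".initrd"}

def pe_sections(data: bytes) -> list[str]:
    """Return the PE section names in data, or [] if it is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(nsect):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:  # truncated header: stop instead of guessing
            break
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def audit(mounts: list[Path]) -> dict[str, bool]:
    """Map every EFI/Linux/*.efi under the mount points to 'is a UKI with initrd'."""
    result = {}
    for mount in mounts:
        uki_dir = mount / "EFI" / "Linux"
        if not uki_dir.is_dir():
            continue
        for efi in sorted(uki_dir.glob("*.efi")):
            with efi.open("rb") as fh:
                head = fh.read(4096)  # headers and section table sit at the start
            result[str(efi)] = REQUIRED <= set(pe_sections(head))
    return result

def fake_pe(names: list[str]) -> bytes:
    """Constructed sample input: bare PE headers with the given section names."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(names), 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + b"".join(n.encode().ljust(40, b"\0") for n in names)

if __name__ == "__main__":
    # Mount points are the caller's assumption, e.g. the ESP and XBOOTLDR paths.
    for path, ok in audit([Path(p) for p in sys.argv[1:]]).items():
        print(f"{'UKI, initrd embedded' if ok else 'no embedded initrd'}: {path}")
```

This only inspects the image layout; verifying the Secure Boot signature itself is a separate step done by the firmware or shim.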