Bug#996202: systemd - EFI Secure Boot for systemd-boot
Bastian Blank
waldi at debian.org
Tue Oct 12 10:22:27 BST 2021
Package: systemd
Version: 247.9-4
Severity: wishlist
Hi folks

systemd already includes its own small and EFI-based bootloader. To
make it more widely usable, it would be nice to have it secure boot
signed. Signing for secure boot is supported in Debian via a round trip
inside the archive.

I would implement that along the lines of:
- Split off the existing EFI binary into a new package
  "systemd-boot-unsigned".
- Create the template package "systemd-boot-$arch-signed-template". It
  contains a list of files to be signed and a source package template,
  which gets signatures injected into and uploaded by the signing
  process.
- The template creates a source and binary package
  "systemd-boot-$arch-signed", shipping the signed EFI binary.
- Add a "systemd-boot" package that contains "bootctl" and a dependency
  on "systemd-boot-$arch-signed".
I can help with that, as I'm going to work on secure boot anyway.

Regards,
Bastian
--
There is an order of things in this universe.
-- Apollo, "Who Mourns for Adonais?" stardate 3468.1