Bug#1033725: systemd-boot: Sign systemd-boot with Debian Secure Boot CA
Michael Biebl
biebl at debian.org
Tue Aug 22 13:13:42 BST 2023
Control: tags -1 + wontfix
On Fri, 31 Mar 2023 09:18:41 +0200 Michael Biebl <biebl at debian.org> wrote:
> Am 31.03.23 um 07:58 schrieb Gihun Nam:
> > Package: systemd-boot
> > Severity: wishlist
> > X-Debbugs-Cc: gihunnam at proton.me
> >
> > Dear Maintainer,
> >
> > Please, sign /usr/lib/systemd/boot/efi/systemd-bootx64.efi with Debian Secure Boot CA
> > (or maybe create systemd-bootx64.efi.signed) so that systemd-boot can be used with
> > UEFI Secure Boot and shim out of the box.
> >
> > Debian provides systemd-boot but does not sign it with a Debian key.
> > To use systemd-boot with shim, one needs to enroll its hash with MokManager.
> > Although systemd-boot is not an official bootloader of Debian,
> > signing it would be handy to people using systemd-boot and Secure Boot with Debian.
>
>
> We would love too, but this is not in the hands of the systemd(-boot)
> maintainers.
>
> Please see
> https://salsa.debian.org/systemd-team/systemd/-/merge_requests/132
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996202
>
>
Since this is not actionable for us at this point, I'm marking the bug
as wontfix.
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20230822/52a36cbf/attachment.sig>
More information about the Pkg-systemd-maintainers
mailing list