Bug#1033725: systemd-boot: Sign systemd-boot with Debian Secure Boot CA
Gihun Nam
gihunnam at proton.me
Fri Mar 31 06:58:55 BST 2023
Package: systemd-boot
Severity: wishlist
X-Debbugs-Cc: gihunnam at proton.me
Dear Maintainer,
Please, sign /usr/lib/systemd/boot/efi/systemd-bootx64.efi with Debian Secure Boot CA
(or maybe create systemd-bootx64.efi.signed) so that systemd-boot can be used with
UEFI Secure Boot and shim out of the box.
Debian provides systemd-boot but does not sign it with a Debian key.
To use systemd-boot with shim, one needs to enroll its hash with MokManager.
Although systemd-boot is not an official bootloader of Debian,
signing it would be handy to people using systemd-boot and Secure Boot with Debian.
Respectively,
Gihun Nam
-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.90.1-microsoft-standard-WSL2 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
Versions of packages systemd-boot depends on:
ii libc6 2.31-13+deb11u5
pn libsystemd-shared <none>
pn systemd-boot-efi <none>
Versions of packages systemd-boot recommends:
ii efibootmgr 17-1
systemd-boot suggests no packages.
More information about the Pkg-systemd-maintainers
mailing list