Bug#1054394: Postinst installs unsigned (unbootable) efi on secure boot systems
Michael Biebl
biebl at debian.org
Mon Oct 23 12:09:53 BST 2023
Am 23.10.23 um 12:17 schrieb sympathischerwal:
> Hi,
>
> I am running secure boot with my own keys.
> I signed the efi binary myself with my own keys and put it
> to the efi partition. On a systemd-boot upgrade, the postinst
> overwrites these files, which made my bootable system unbootable.
You could install a dpkg and/or apt hook which does the signing
automatically after a package update.
See e.g. the needrestart package for how to use such a hook.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20231023/a451c7d8/attachment.sig>
More information about the Pkg-systemd-maintainers
mailing list