Actions
action #127145
openshim support for sd-boot
Status:
In Progress
Priority:
High
Assignee:
-
Target version:
-
Start date:
2023-04-04
Due date:
% Done:
20%
Estimated time:
Description
bootctl install currently only installs systemd-boot into the efi partition. If we want to be able to boot on systems that only have the MS cert we'd need bootctl to also take care of shim somehow. Shim currently hardcodes grub.efi so systemd-boot would have to be installed with that name or shim needs adjustments.
Probably discussion with upstream needed.
Updated by lnussel about 1 year ago
In the context of FDE, sd-boot needs to auto detect using pcr14 if shim is used -> is in pcr7 also
Updated by lnussel about 1 year ago
- Status changed from New to In Progress
- % Done changed from 0 to 10
filed https://github.com/systemd/systemd/issues/27234 for upstream discussion
Updated by lnussel about 1 year ago
Shim PCR registers https://github.com/rhboot/shim/blob/main/README.tpm
Updated by lnussel about 1 year ago
- % Done changed from 10 to 20
Actions