Closed conrad-heimbold closed 2 years ago
refind-install --localkeys uses /etc/refind.d/keys as the folder for its own secure boot keys (see https://pagure.io/rEFInd-src/blob/master/f/refind-install#_224 and https://wiki.archlinux.org/title/REFInd#Using_your_own_keys ), but sbctl create-keys uses /usr/share/secureboot/keys: https://github.com/Foxboron/sbctl/blob/843fdc93b0813648d38969a09be456874ad74a6c/keys.go#L29
Why this difference?
When the secure boot keys are manually user-generated, then I think it is better to place them under /etc/.
For example sshd also saves its private host keys under /etc/:
$ ls -al /etc/ssh/ssh_host_*_key
-rw-r-----. 1 root ssh_keys  227 25 Jul 20:50 ssh_host_ecdsa_key
-rw-r-----. 1 root ssh_keys  387 25 Jul 20:50 ssh_host_ed25519_key
-rw-r-----. 1 root ssh_keys 1675 25 Jul 20:50 ssh_host_rsa_key
As far as I know, everything under /usr should not be edited by humans.
My setup so far was to symlink all necessary secure boot keys in /etc/refind.d/keys:
$ ls -al /etc/refind.d/keys/
...
lrwxrwxrwx. 1 root root 34 25 Jul 20:50 refind_local.cer -> /etc/keys/secure-boot/keys/DB.cer
lrwxrwxrwx. 1 root root 34 25 Jul 20:50 refind_local.crt -> /etc/keys/secure-boot/keys/DB.crt
lrwxrwxrwx. 1 root root 34 25 Jul 20:50 refind_local.key -> /etc/keys/secure-boot/keys/DB.key
...
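The symlink setup described in the issue, as an added example script (not part of the issue, sbctl or rEFInd): it links a DB key pair from a source directory into rEFInd's key directory under the refind_local.* names, refuses to link a private key whose mode is not 0600/0400, and offers a check that the links still resolve. The source file names DB.key/DB.crt/DB.cer, the directory arguments and the mode requirement are assumptions; `stat -c` is GNU coreutils.

```shell
#!/bin/sh
# Added example, not the issue author's or the projects' own code.
# Assumes SRC_DIR holds DB.key, DB.crt and DB.cer (as in the issue's
# listing) and DEST_DIR is rEFInd's key directory (/etc/refind.d/keys).
link_refind_keys() {
    src="$1"; dest="$2"
    # The private key must not be group/world readable (assumed policy: 0600 or 0400).
    mode=$(stat -c '%a' "$src/DB.key") || return 1
    case "$mode" in
        600|400) ;;
        *) echo "refusing: $src/DB.key has mode $mode, expected 0600" >&2; return 2 ;;
    esac
    mkdir -p "$dest" || return 1
    # Link each file under the name refind-install --localkeys looks for.
    for ext in key crt cer; do
        [ -f "$src/DB.$ext" ] || { echo "missing $src/DB.$ext" >&2; return 3; }
        ln -sfn "$src/DB.$ext" "$dest/refind_local.$ext" || return 1
    done
    return 0
}

# Returns non-zero if any refind_local.* link is missing or dangling
# (-e follows the symlink, so a removed target is detected).
verify_refind_keys() {
    for ext in key crt cer; do
        [ -e "$1/refind_local.$ext" ] || return 1
    done
    return 0
}
```

Run as `link_refind_keys /etc/keys/secure-boot/keys /etc/refind.d/keys` before `refind-install --localkeys`, and `verify_refind_keys /etc/refind.d/keys` afterwards.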
Closing because this issue is a duplicate of #57 .