Open hexchain opened 1 year ago
It seems bundles can be signed twice:
% sudo sbctl list-bundles Enrolled bundles: /boot/EFI/arch/linux.efi Signed: ✓ Signed ESP Location: /boot Output: └─/EFI/arch/linux.efi EFI Stub Image: └─/usr/lib/systemd/boot/efi/linuxx64.efi.stub Splash Image: ├─/usr/share/systemd/bootctl/splash-arch.bmp Cmdline: ├─/etc/kernel/cmdline OS Release: ├─/usr/lib/os-release Kernel Image: ├─/boot/vmlinuz-linux Initramfs Image: └─/boot/initramfs-linux.img AMD Microcode: └─/boot/amd-ucode.img % sudo sbctl generate-bundles -s Generating EFI bundles.... Wrote EFI bundle /boot/EFI/arch/linux.efi ✓ Signed /boot/EFI/arch/linux.efi % sudo sbctl sign /boot/EFI/arch/linux.efi ✓ Signed /boot/EFI/arch/linux.efi % sudo sbctl sign /boot/EFI/arch/linux.efi File has already been signed /boot/EFI/arch/linux.efi
It seems bundles can be signed twice: