Closed ibay770 closed 1 year ago
I appreciate the suggestion, but this is not on my TODO list for the foreseeable future and probably never will be. There are a few reasons for this:
An installer is not really within the scope of the EfiGuard project. While it is of course true that EfiGuard is only useful when used in combination with Windows, that does not mean EfiGuard is a Windows application - especially not one that comes with an "installer" as is often the case on Windows (for reasons I don't always fully understand). EfiGuard was written to conform to UEFI standards and conventions so that it can be managed (or "installed") using any tool that follows these same standards, regardless of the OS or other preboot environment. There is nothing special about EfiGuard in terms of installation or maintenance that means it should require its own installer compared to any other boot manager or boot application such as GRUB, rEFInd, the Linux kernel (when compiled with EFI stub), and so on.
Continuing from my previous point, there are actually many tools that can already manage UEFI boot options this way. While that is not exactly the same as an "installer", I would say that this makes them more useful than an installer, not less. Here are some I can recommend:
bcfg
, which is part of the UEFI shell that is developed by TianoCore in EDK2.efibootmgr
.I'm not necessarily opposed to reinventing the wheel just for the sake of fun or learning, or sometimes because I think I can do a better job, so I'm not saying I'll never write a "bcfg clone" or "efibootmgr clone" for Windows. But if I were to do this, it would be a standalone project separate from EfiGuard.
Finally, I am also frankly not really interested in spending time developing any sort of installer (for anything, including EfiGuard). I find installers annoying to run, so it stands to reason I would probably find them annoying to write too. That means someone else would have to write the installer and make a PR for it, which I would then most likely just reject anyway due to the previous two points. Not really the best motivation for starting a project.
OK, but does that mean I think an installer is out of scope simply because having one is not strictly required and existing tools can also do the job? No, but I do define the scope of EfiGuard as roughly "whatever I find useful". And given that, I have to say that since I wouldn't use such an installer myself, let alone write one, it really is out of scope. So I will be closing this issue, but thanks for making it all the same, because I realised it would be good to have as a reference for why I'm not planning to add installer-like features to EfiGuard, since I've had similar requests a few times in the past.
Fair enough. Thank you for making EFIGuard all the same, hopefully it disables driver enforcement by default instead of pressing F8 every time.
First, many thanks for the project. Second, if its possible to write an installer, maybe a cmd or powershell script that can add this to the boot sequence, that would be amazing.