Closed osimarr closed 2 years ago
Out of curiosity: what are the benefits of unified kernel image without signature? Possibility of /boot encryption?
Out of curiosity: what are the benefits of unified kernel image without signature? Possibility of /boot encryption?
Boot encryption is my main reason. I use systemd-boot and don't need to create the extra efi/boot partition.
Hi,
Image signing is the main task of sbupdate
, so I think this feature is out of scope.
If you want to boot the kernel as an UEFI executable, you can use EFISTUB.
Use mkinitcpio --uefi
to create UEFI images without signing.
sbupdate is not only a helper to sign the efi image, but also to manage and compose the unified kernel image. Systems that doesn't support secure boot can still benefit from it. This patch adds a config option to skip efi signature.
Signed-off-by: David Cohen dacohen@pm.me