Question about switching kernels

[HermannBjorgvin]

Hello, I wanted to know if there's an easy way to set this up so that I can boot kernel-hardened, or the latest kernel, or the latest stable release.

I would have to somehow sign it with a different kernel three times correct?

[gdamjan]

Hi @HermannBjorgvin, yes, you can sign a different kernel.

the default signs /boot/vmlinuz-linux where linux is the SUFFIX (I wanna change that to KVER though). you can run:

secure-boot SUFFIX=hardened

to sign a /boot/vmlinuz-hardened kernel. Does that work for you?

[HermannBjorgvin]

I'll try my hand at that and update you on if it works. I would need to add another hook for the lts and hardened kernels right?

[gdamjan]

yes, you need a separate hook. there's no way around that currently. theoretically, if Arch moves to the kernel-install method, then it would be possible to setup a hook for that. A pacman hook is suboptimal anyways.

[HermannBjorgvin]

Ok I installed two hooks and changed the suffix parameters to linux-lts and linux-hardened. Didn't need to change anything else. Great tool, thanks for writing it!