maximbaz / arch-secure-boot

UEFI Secure Boot for Arch Linux + btrfs snapshot recovery
ISC License

Dual boot system with Windows #8

Closed skbolton closed 2 years ago

skbolton commented 2 years ago

Thanks for creating this resource. I am seriously excited to possibly drop a lot of GRUB cruft I have been dealing with. My one issue that I am wondering if you have experience with is a system that also boots into Windows. This style of booting from UEFI directly is new to me and I am wondering how this would work. Does the Windows side just work by creating its own UEFI entry and there is no overlap, or would I have to get the same private key generated from scripts embedded into the Windows filesystem somehow?

If you aren’t familiar with this then no worries, just seeing if it’s possible to know about this before diving in.

maximbaz commented 2 years ago

Hello, glad you found this interesting!

I did have to install Windows as dual-boot a few times for some short experiments. I always used the UEFI method; Windows will just add its entry and that's it.

However, you are right to suspect issues with Secure Boot. I don't know if it's possible to force Windows to use our own keypair; since I didn't need it for long, I just disabled Secure Boot when I needed to boot into Windows.

Alternatively you should look into this approach: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_a_signed_boot_loader

I don't particularly like the approach, as earlier in that same wiki page they mention a downside when using manufacturer's key:

Default manufacturer/third party keys aren't in use, as they have been shown to weaken the security model of Secure Boot by a great margin[3]

But I guess it's better than disabling Secure Boot altogether :)

skbolton commented 2 years ago

Okay, sounds good, that’s enough for me to dive in and give it a try. Happy to hear that it goes through its own entry, and I was hoping to not have to share the private key to the Windows system. If I learn anything interesting about the process I’ll report back here for others.

5ouls3dge commented 7 months ago

@skbolton what did you learn? Did you find a working list of steps? Best to install Windows first? Delete Windows keys or use them?

skbolton commented 7 months ago

I never attempted it, as shortly after getting this system up and running I switched to NixOS.