Open iulko opened 4 months ago
Hi,
No real reason, I just didn't care for it enough :) I've read the debian secure boot page and it all seemed an awful lot of work.
I will try to find some time and implement this into the installer.
The problem is that we are using systemd-boot instead of grub and debian refused to sign systemd-boot with their keys - see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996202
Also, the debian shim-signed package depends on grub and does not support systemd-boot - see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039058
Good news on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996202:
From: Luca Boccassi bluca@debian.org To: 996202@bugs.debian.org Cc: waldi@debian.org, biebl@debian.org, debian-efi@lists.debian.org Subject: Re: Bug#996202: EFI Secure Boot for systemd-boot Date: Mon, 04 Mar 2024 02:13:25 +0000 … The upstream Shim reviewers group now accepts systemd-boot as a 2nd stage bootloader, trusted by Shim builds signed with the UEFI 3rd party CA. This clears the way for Debian's CA to sign systemd-boot, so I am reopening this bug.
Why secure boot cant be enabled with this installer when official debian installer can be?