FreeBSD 13.0 released

Posted Apr 14, 2021 19:37 UTC (Wed) by mjg59 (subscriber, #23239)
In reply to: FreeBSD 13.0 released by jem
Parent article: FreeBSD 13.0 released

systemd-boot is unfortunately not compatible with the Shim approach to UEFI secure boot, so it's difficult to make it a default. I don't think it's too much effort to add that support but it's somewhat outside their design goals. I should probably just put together a PR for it and see.

FreeBSD 13.0 released

Posted Apr 14, 2021 21:24 UTC (Wed) by amacater (subscriber, #790) [Link]

It's also worth pointing out that there is a huge amount of effort making shim, secure boot and revocation if necessary work across several Linux distributions - it's not just something trivial and it is also being adapted to work across architectures.

FreeBSD 13.0 released

Posted Apr 15, 2021 15:50 UTC (Thu) by lobachevsky (subscriber, #121871) [Link]

That sounds pretty cool. There's also work being done for automatic key enrollment [1], which could maybe obviate the need for a shim

[1] https://github.com/systemd/systemd/pull/18716

FreeBSD 13.0 released

Posted Apr 15, 2021 17:39 UTC (Thu) by jem (subscriber, #24231) [Link]

I prefer to sign what I boot with my own keys, so I don't need the Shim. Systemd-boot supports Unified Kernel Images, which bundle all that is needed to boot in a single, UEFI-bootable image that I sign.

I realize it's not realistic for a distro to ask their users to install their certs on their machines, but this setup works well for me with my Arch Linux installation.