Why though?

Posted Jul 9, 2024 12:02 UTC (Tue) by kraxel (subscriber, #49444)
In reply to: Why though? by mezcalero
Parent article: Giving bootloaders the boot with nmbl

Well, you don't want bootx64.efi being the UKI because you don't have a fallback then in case a kernel update goes wrong, so it must be something else ...

Using shim.efi -> fallback.efi and having fallback.efi create BootNNNN entries pointing to the kernels in EFI\Linux\... is one option, and the one used by the cloud images linked in the previous comment.

Using sd-boot is an option too, but right now in fedora only without secure boot. Once https://pagure.io/releng/issue/10765 is solved (which I hope will not take another two years) I'll have a look at this + auto-enroll.

Why though?

Posted Jul 9, 2024 12:16 UTC (Tue) by bluca (subscriber, #118303) [Link]

> Using sd-boot is an option too, but right now in fedora only without secure boot. Once https://pagure.io/releng/issue/10765 is solved (which I hope will not take another two years) I'll have a look at this + auto-enroll.

I wonder if I'll manage to beat Fedora by shipping a shim-trusted sd-boot in Debian first :-P Currently waiting on the Debian CA owners to create a new set of intermediate certificates, everything else is ready and waiting...