Hey Luca, > > So for the secure boot case in binary_grub-efi, what we do is that > > if the signed monolithic EFI binaries are available we copy those > > instead of building a new image. > > > > ... > > > > https://salsa.debian.org/live-team/live-build/blob/master/scripts/build/binary_grub-efi#L79 Aha! Turns out I was looking at an old version, I messed up my git checkout apparently. That script indeed does what I would expect: Install shim alongside grub and use signed grub to make shim load it.
> Ah silly me, I forgot something simple but quite fundamental: the point > of syslinux is to avoid using grub entirely. But indeed, I was aiming for syslinux, so none of this secure boot stuff will actually work with syslinux. Gr. Matthijs
signature.asc
Description: PGP signature
