On Thu, Jan 02, 2025 at 10:04:51AM +0700, Max Nikulin wrote:
I am unsure if grub images signed for Secure Boot include LVM drivers or /boot should be outside of LVM as well.
grub should work fine these days without /boot being a separate partition, unless you encrypt / (in which case you need the initrd to be on a separate unencrypted partition). Separate /boot is actually one of my pet peeves because it's either stupidly large or it fills up. (And if it's a partition at the start of the disk, resizing it is a PITA.) That's somewhat improved by the current behavior of autoremoving unneeded kernels, but still more trouble than benefit in the common case.
