On Wed, Jul 27, 2022, at 4:27 PM, Vitaly Zaitsev via devel wrote:
> On 27/07/2022 22:19, Chris Murphy wrote:
>> * $BOOT is supposed to be readable by all distros that share $BOOT
>
> It will. efifs will be installed to ESP partition.
>
>> * efifs drivers must be signed in order to be loaded on UEFI Secure Boot 
>> enabled systems
>
> True. But I think Fedora can sign drivers from the efifs package with 
> own keys.
>
>> * shim is distro specific, and is what provides the key for efifs as well as 
>> the 2nd stage bootloader
>
> I prefer no shim in my computers. I'm using systemd-boot signed by my 
> own CA.

That is not a generic solution we can ship in Fedora. Since each distro ships 
their own shim, they'd each have to ship their own signed efifs in order to read 
a shared non-FAT $BOOT. It's too high a barrier to adoption.



-- 
Chris Murphy