On 12.10.21 at 11:22, Bastian Blank wrote:
Package: systemd
Version: 247.9-4
Severity: wishlist

Hi folks

systemd already includes its own small and EFI based bootloader. To make it more widely usable, it would be nice to have it secure boot signed.

Signing for secure boot is supported in Debian via a round trip inside the archive. I would implement that with something along the lines of:

- Split off the existing EFI binary into a new package "systemd-boot-unsigned".
- Create the template package "systemd-boot-$arch-signed-template". It contains a list of files to be signed and a source package template, which gets signatures injected into and uploaded by the signing process.
- The template creates a source and binary package "systemd-boot-$arch-signed", shipping the signed EFI binary.
- Add a "systemd-boot" package that contains "bootctl" and a dependency on "systemd-boot-$arch-signed".

I can help with that, as I'm going to work on secure boot anyway.

Looping in Julian. As maintainer of sicherboot, I assume he would be affected by this change.
Julian, maybe you have some input as well.

Regards,
Michael