
Bug#1033725: systemd-boot: Sign systemd-boot with Debian Secure Boot CA


Gihun Nam

Mar 31, 2023, 2:10:04 AM
Package: systemd-boot
Severity: wishlist
X-Debbugs-Cc: gihu...@proton.me

Dear Maintainer,

Please, sign /usr/lib/systemd/boot/efi/systemd-bootx64.efi with Debian Secure Boot CA
(or maybe create systemd-bootx64.efi.signed) so that systemd-boot can be used with
UEFI Secure Boot and shim out of the box.

Debian provides systemd-boot but does not sign it with a Debian key.
To use systemd-boot with shim, one needs to enroll its hash with MokManager.
Although systemd-boot is not an official bootloader of Debian,
signing it would be handy to people using systemd-boot and Secure Boot with Debian.

Respectfully,
Gihun Nam

-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.90.1-microsoft-standard-WSL2 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect

Versions of packages systemd-boot depends on:
ii libc6 2.31-13+deb11u5
pn libsystemd-shared <none>
pn systemd-boot-efi <none>

Versions of packages systemd-boot recommends:
ii efibootmgr 17-1

systemd-boot suggests no packages.

Michael Biebl

Mar 31, 2023, 3:30:06 AM

On 31.03.23 at 07:58, Gihun Nam wrote:
> Package: systemd-boot
> Severity: wishlist
> X-Debbugs-Cc: gihu...@proton.me
>
> Dear Maintainer,
>
> Please, sign /usr/lib/systemd/boot/efi/systemd-bootx64.efi with Debian Secure Boot CA
> (or maybe create systemd-bootx64.efi.signed) so that systemd-boot can be used with
> UEFI Secure Boot and shim out of the box.
>
> Debian provides systemd-boot but does not sign it with a Debian key.
> To use systemd-boot with shim, one needs to enroll its hash with MokManager.
> Although systemd-boot is not an official bootloader of Debian,
> signing it would be handy to people using systemd-boot and Secure Boot with Debian.


We would love to, but this is not in the hands of the systemd(-boot)
maintainers.

Please see
https://salsa.debian.org/systemd-team/systemd/-/merge_requests/132
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996202


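The report above turns on whether systemd-bootx64.efi carries an embedded signature at all. The following is an added example, not part of the thread or of Debian's packaging: it reads the PE certificate table of an EFI binary and lists the signature entries it finds. `sample_pe` builds constructed header bytes so the check runs without a real image.

```python
import struct
import sys

SECURITY_DIR = 4        # data-directory index of the certificate table
PKCS_SIGNED_DATA = 2    # wCertificateType used for Authenticode signatures

def list_signatures(image: bytes) -> list:
    """Return (wCertificateType, dwLength) for each signature entry in a PE image."""
    if image[:2] != b"MZ" or len(image) < 0x40:
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                                   # skip signature + COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    dirs = opt + (112 if magic == 0x20B else 96)    # PE32+ vs PE32 layout
    (count,) = struct.unpack_from("<I", image, dirs - 4)
    off, size = (struct.unpack_from("<II", image, dirs + 8 * SECURITY_DIR)
                 if count > SECURITY_DIR else (0, 0))
    if size == 0:
        return []                                   # unsigned: empty certificate table
    if off + size > len(image):
        raise ValueError("certificate table runs past end of file")
    entries, pos = [], off
    while pos + 8 <= off + size:
        length, _rev, ctype = struct.unpack_from("<IHH", image, pos)
        if length < 8 or pos + length > off + size:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        entries.append((ctype, length))
        pos += (length + 7) & ~7                    # entries are 8-byte aligned
    return entries

def sample_pe(blob: bytes = b"") -> bytes:
    """Constructed PE32+ headers only (not a bootable image), for the demo."""
    head = b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
    head += struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    head += struct.pack("<H", 0x20B) + bytes(106) + struct.pack("<I", 16)
    dirs, cert = bytearray(128), b""
    if blob:
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, PKCS_SIGNED_DATA) + blob
        cert += bytes(-len(cert) % 8)
        struct.pack_into("<II", dirs, 8 * SECURITY_DIR, len(head) + 128, len(cert))
    return head + bytes(dirs) + cert

if __name__ == "__main__":
    # Pass e.g. /usr/lib/systemd/boot/efi/systemd-bootx64.efi as the argument.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pe()
    print(list_signatures(data) or "unsigned: certificate table is empty")
```

A non-empty result only shows that a signature is embedded; whether shim accepts the binary still depends on who issued the signing certificate.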