1. 7
  1.  

  2. 1

    Have you considered comparing your setup to something like sbupdate? sbupdate signs the kernel EFI image directly and one can boot that file without intermediaries (ie. grub, systemd-boot).

    1. 1

      sbupdate is only a wrapper around sbsign and EFISTUB generation for Arch. So fairly limited and not really flexible. My intentions with sbctl is to provide a complete experience from key generation to enrollment.

      1. 1

        Okay, thanks for your comment! So to check if I got your right: sbctl should also cover what sbupdate does (like signing EFI Linux kernel hook on update)? Because I’d happily migrate to sbctl (esp if it will be available in official Arch repos).

        1. 1

          It should yes.

          Because I’d happily migrate to sbctl (esp if it will be available in official Arch repos).

          Maybe in the future when I have done a proper version 1 release and gotten some feedback on the tool.

          1. 1

            Great! I’ll bookmark it and test it when time allows. If something is broken I’ll ping you via e-mail :)

            1. 1

              If something is broken, why not file a bug in the public github thing for it? Chances are it might be broken for someone else too.

              1. 1

                Err… okay.