2024-12-03 ┃ edited ┃ RE: pid_eins
… your SB keys might also disable certain extension card firmwares, which is typically less than ideal.)
However, it is really useful if you know your hardware well, which for example is very much the case in VM environments.
What was missing so far is a tool to actually place the keys in the right drop-in dir in the right format. With systemd v257 we made "bootctl" that tool. It gained a new switch --secure-boot-auto-enroll=yes for installing keys like that.
https://mastodon.social/@pid_eins/113587908729005177
2024-12-03 pid_eins ┃ edited ┃ 2💬
It will even optionally convert your DER certificate into the ESL format EFI SB expects.
Or in other words: running a self-enrolled system has become a lot more automatic now. If you focus on […]
────
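The DER-to-ESL wrapping mentioned in the post above, as an added example; it is not part of the thread and is not bootctl's own code. It builds an `EFI_SIGNATURE_LIST` holding one X.509 entry, as laid out in the UEFI specification, and parses it back so an ESL file can be checked before it is placed for enrollment. The owner GUID and the certificate bytes are constructed placeholders.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification: marks a list of X.509 certs.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
ESL_HEADER = struct.Struct("<16sIII")  # type GUID, list size, header size, entry size


def der_total_length(der: bytes) -> int:
    """Return the encoded length of the outer DER SEQUENCE, or raise ValueError."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM input must be decoded first)")
    if der[1] < 0x80:                       # short form length
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def der_to_esl(der: bytes, owner: uuid.UUID) -> bytes:
    """Wrap one DER certificate in an EFI_SIGNATURE_LIST with a single entry."""
    if der_total_length(der) != len(der):
        raise ValueError("trailing or missing bytes after DER certificate")
    entry = owner.bytes_le + der            # EFI_SIGNATURE_DATA: owner GUID + cert
    header = ESL_HEADER.pack(EFI_CERT_X509_GUID.bytes_le,
                             ESL_HEADER.size + len(entry), 0, len(entry))
    return header + entry


def parse_esl(esl: bytes):
    """Check the header fields and return (owner GUID, certificate bytes)."""
    sig_type, list_size, hdr_size, sig_size = ESL_HEADER.unpack_from(esl)
    if sig_type != EFI_CERT_X509_GUID.bytes_le:
        raise ValueError("not an X.509 signature list")
    if list_size != len(esl) or hdr_size != 0 or sig_size != list_size - ESL_HEADER.size:
        raise ValueError("inconsistent ESL sizes")
    body = esl[ESL_HEADER.size:]
    return uuid.UUID(bytes_le=body[:16]), body[16:]


# Constructed sample input: a DER-shaped placeholder, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed
```

GUIDs are stored in the mixed-endian EFI layout, which is what `bytes_le` produces; writing the textual GUID bytes in order is a common reason firmware rejects a hand-built list.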