No error with modified initramfs #1
Comments
|
Not a bug, but a feature in this case. This script does not sign either the kernel or initramfs you boot. What it does sign is the bootloader. It is meant as protection of the bootloader .efi code which unlocks an encrypted /boot partition (where kernel/initramfs reside; using it without an encrypted /boot makes no big sense). It is meant as "feature" because it leaves you the freedom to boot different kernels/initramfs, modify the kernel boot line, update the system kernels, etc. without having to worry about boot breakage due to failing secureboot verification. If you are looking for a script that helps automating signing the kernel/initramfs with Arch, have a look at https://github.com/andreyv/sbupdate |
I'm trying to set
cryptbootup on Archlinux with a Thinkpad x1 Yoga.Key enrollment and signing seemed to have completed successfully, but when I run
mkinitcpio -p linuxoutside of cryptboot and reboot, I still can boot successfully without any errors. This shouldn't happen, should it?The text was updated successfully, but these errors were encountered: