Bug#1054394: Postinst installs unsigned (unbootable) efi on secure boot systems

2023-10-24 Thread sympathischerwal
> Not running an update of the EFI binaries is problematic as well.

Running the update will brick a system with secure boot unconditionally.

> Aside from the dpkg/apt hook I mentioned earlier, what you might do is
> to dpkg-divert bootctl and replace it with a wrapper script that does
> the

Bug#1054394: Postinst installs unsigned (unbootable) efi on secure boot systems

2023-10-23 Thread Michael Biebl
On 23.10.23 at 11:32, sympathischerwal wrote: Package: systemd-boot Version: 252.12-1~deb12u1 When updating systemd-boot on a system with secure-boot enabled, the postinst calls `bootctl update --graceful` which installs an unsigned efi. This will overwrite an existing efi with correct

Bug#1054394: Postinst installs unsigned (unbootable) efi on secure boot systems

2023-10-23 Thread Michael Biebl
On 23.10.23 at 12:17, sympathischerwal wrote: Hi, I am running secure boot with my own keys. I signed the efi binary myself with my own keys and put it on the efi partition. On a systemd-boot upgrade, the postinst overwrites these files, which made my bootable system unbootable. You could

Bug#1054394: Postinst installs unsigned (unbootable) efi on secure boot systems

2023-10-23 Thread sympathischerwal
Hi, I am running secure boot with my own keys. I signed the efi binary myself with my own keys and put it on the efi partition. On a systemd-boot upgrade, the postinst overwrites these files, which made my bootable system unbootable. Best, Thomas

Bug#1054394: Postinst installs unsigned (unbootable) efi on secure boot systems

2023-10-23 Thread sympathischerwal
Package: systemd-boot Version: 252.12-1~deb12u1 When updating systemd-boot on a system with secure-boot enabled, the postinst calls `bootctl update --graceful` which installs an unsigned efi. This will overwrite an existing efi with correct signature and cause the system to not boot anymore,