On Mar 10, Stephan Verbücheln <verbuech...@posteo.de> wrote: > Apart from the fact that UEFI Secure Boot is an overly complex monster > which is basically broken[1] by design, my understanding of it is also > that it does not protect configs, initramfs etc. in /boot. It only > protects the kernel image and loaded modules. It can, with an appropriate configuration.
> In addition, files in /boot like the initrd are generated individually > and may contain files not limited to what someone puts into /boot > intentionally. In contrast to /boot/efi, /boot does not only contain > static files delivered by the distribution. In the future the initramfs will (usually) be static as well. -- ciao, Marco
signature.asc
Description: PGP signature
