On Fri, 2018-08-03 at 23:03 +0800, Ben Hutchings wrote: > On Fri, 2018-08-03 at 17:50 +0300, Lars Wirzenius wrote: > > On Fri, 2018-08-03 at 21:56 +0800, Ben Hutchings wrote: > > > Since vmdebootstrap is no longer developed, bug #821088 will not be > > > fixed there, but perhaps Secure Boot will be supportable using vmdb2. > > > > > > If vmdb2 allows its users to specify which package(s) to install as > > > boot loaders, then I don't think it needs to do anything specific to > > > support Secure Boot. > > > > > > If vmdb2 has specific logic for installing grub2, #821088 should be > > > reassigned to vmdb2. > > > > I'm afraid I have no idea what's needed, if anything, for vmdb2 to support > > Secure Boot. > > As I understand it, you would need to install grub-efi-$ARCH-signed and > shim-signed, instead of grub-efi-$ARCH.
That would be easy enough to do. I'm thinking the uefi could gain a third flavor (currently "bios" and "uefi": "uefi-secure-boot". The difference with the "uefi" flavour would be packages installed. That would be an easy to patch to make (but I have no idea how I'd test it).
signature.asc
Description: This is a digitally signed message part