Hi Bastian

Am 12.10.21 um 11:22 schrieb Bastian Blank:
Package: systemd
Version: 247.9-4
Severity: wishlist

Hi folks

systemd already includes it's own small and EFI based bootloader.  To
make it more widely usable, it would be nice to have it secure boot
signed.  Signing for secure boot is supported in Debian via a round trip
inside the archive.

I would implement that something in the line of:

- Split off the existing EFI binary into a new package
- Create the template package "systemd-boot-$arch-signed-template".  It
   contains a list of files to be signed and a source package template,
   which gets signatures injected into and uploaded by the signing
- The template creates a source and binary package
   "systemd-boot-$arch-signed", shipping the signed EFI binary.
- Add a "systemd-boot" package that contains "bootctl" and a dependency
   on "systemd-boot-$arch-signed".

Would all those binary packages be built from src:systemd?
I don't have any experience with Secure Boot (especially in Debian's context), so would need help with that.
Would you mind prepping a MR?


Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to