On 20-09-2022 07:12, Chris Murphy wrote:
On Mon, Sep 19, 2022, at 2:45 PM, Robbie Harwood wrote:
> I'm fine with the proposed change. I'm also fine with the
> original text.
>
> During boot, certain actions are taken that are recorded in the
> TPM. These include, for instance, any loaders that are run - like
> grub2. The result is that if you load Windows from grub2 rather
> than the EFI firmware, the TPM state will be different. BitLocker
> cares about this TPM state.
>
> So: if you install Windows and set up BitLocker booting through
> grub, it will continue to work through grub.
The Windows installer drops a payload on the drive, and sets a
bootnext for an entry that points to the Windows bootloader, not via
GRUB.
And then, the instant we update either shim or grub, Windows boot
will break.
Does all this apply as well using sd-boot?
If not, since this is the install phase, switching from grub to sd-boot
when installing alongside Windows should be viable.
Having said that, I am aware that sd-boot is currently not as well
supported as grub2.
-- Sandro
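
Added example, not part of the original thread: a simplified model of the TPM behaviour described in the quoted text, showing why a key sealed to one boot chain is not released when a loader is added or updated. The image byte strings, the single-PCR model and the function names are assumptions made for illustration; real firmware measures image digests into several PCRs.

```python
import hashlib

def extend(pcr: bytes, image: bytes) -> bytes:
    # TPM PCR extend: new = H(old || H(measured data)).
    # A PCR can only be extended, never written directly.
    return hashlib.sha256(pcr + hashlib.sha256(image).digest()).digest()

def replay(chain) -> bytes:
    # Replay a boot chain in load order, starting from the reset value.
    pcr = bytes(32)
    for image in chain:
        pcr = extend(pcr, image)
    return pcr

# Constructed stand-ins for the binaries measured during boot.
BOOTMGR = b"constructed: windows boot manager"
SHIM = b"constructed: shim build A"
GRUB_A = b"constructed: grub2 build A"
GRUB_B = b"constructed: grub2 build B (after an update)"

DIRECT = [BOOTMGR]                          # firmware -> Windows loader
VIA_GRUB = [SHIM, GRUB_A, BOOTMGR]          # firmware -> shim -> grub2 -> Windows
VIA_UPDATED_GRUB = [SHIM, GRUB_B, BOOTMGR]  # same path after a grub2 update

def can_unseal(sealed_to: bytes, boot_chain) -> bool:
    # A sealed key is released only if the current PCR value
    # matches the value recorded when the key was sealed.
    return replay(boot_chain) == sealed_to

def outcomes() -> dict:
    sealed_direct = replay(DIRECT)        # protection set up booting directly
    sealed_via_grub = replay(VIA_GRUB)    # protection set up booting through grub2
    return {
        "sealed direct, boot direct": can_unseal(sealed_direct, DIRECT),
        "sealed direct, boot via grub": can_unseal(sealed_direct, VIA_GRUB),
        "sealed via grub, boot via grub": can_unseal(sealed_via_grub, VIA_GRUB),
        "sealed via grub, grub updated": can_unseal(sealed_via_grub, VIA_UPDATED_GRUB),
    }

if __name__ == "__main__":
    for scenario, ok in outcomes().items():
        print(f"{scenario}: {'key released' if ok else 'PCR mismatch'}")
```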