Could someone sign systemd-boot please? That EFI boot seems simple to use and very minimal especially for both x64 arch based desktop and laptop.

On 2022-07-26 16:14, Chris Murphy wrote:

On Tue, Jul 26, 2022, at 4:42 PM, Kevin Kofler via devel wrote:
Chris Murphy wrote:
On Tue, Jul 26, 2022, at 4:06 PM, Kevin Kofler via devel wrote:
As I already mentioned the last time this has come up: Why can we not,
instead of chainloading Windows directly, chainload a systemd-boot
configured to always bootnext to Windows?
Pretty sure shim still hard codes the name grub$arch.efi as the 2nd
bootloader. Hence having to rename sd-boot as grubx64.efi for shim to find
and run it. They can't co-exist right now. Also, there's no current plan
by anyone to add systemd-boot for Secure Boot signing.
That is not what I suggested.

I suggested shim → GRUB → systemd-boot → Windows (and shim → GRUB → Fedora, 
systemd-boot would be configured to always reboot to Windows, booting Fedora 
from GRUB would bypass it entirely), not shim → systemd-boot → Windows.
OK. But still systemd-boot would need to be signed by Fedora. And be capable of defaulting to Windows, and hidden menu, so it doesn't show bootloader snippets on the boot or EFI volumes. I don't know whether it can be configured this way.

It's a Rube Goldberg machine way of doing this. In effect three bootloaders to support. I'm not convinced this is the path of least resistance. But it seems to be worth considering.

-- 
Luya Tshimbalanga
Fedora Design Team
Fedora Design Suite maintainer