On Di, 26.07.22 13:37, Neal Gompa (ngompa13@xxxxxxxxx) wrote: > > > As I already mentioned the last time this has come up: Why can we not, > > > instead of chainloading Windows directly, chainload a systemd-boot > > > configured to always bootnext to Windows? > > > > Pretty sure shim still hard codes the name grub$arch.efi as the 2nd bootloader. Hence having to rename sd-boot as grubx64.efi for shim to find and run it. They can't co-exist right now. Also, there's no current plan by anyone to add systemd-boot for Secure Boot signing. > > > > >GRUB would still think it boots > > > Windows directly. (I do not see why it would notice any difference, all that > > > would change is the name of the image that gets chainloaded.) And systemd- > > > boot does not need to know that it is being chainloaded from GRUB. So I do > > > not see why that would not work, without any changes to the software. > > > > Put more directly: Microsoft will revoke our shim if we use > anything but GRUB as the stage-two bootloader. > > Cf. https://github.com/rhboot/shim/issues/472#issuecomment-1118628769 To state this clearly: The people I talked to in MSFT do not know of any such requirement. To me, the above comment appears to be FUD. In fact, the SHIM review guidelines already say this: "Note that we really only have experience with using GRUB2 on Linux, so asking us to endorse anything else for signing is going to require some convincing on your part." (from https://github.com/rhboot/shim-review#readme) Hence, it's the shim people who are not keen on non-grub boot loaders, but even they indicate they can be convinced of other boot loaders. Given the overlap of the Fedora/RH boot loader folks and the shim folks, I think there's definitely an avenue to get systemd-boot signed as payload for SHIM, as alternative to Grub. If Fedora wants this, and has the man power for it, it should be a quite a reachable goal, given that sd-boot has only a tiny fraction of the code footprint that Grub has. Lennart -- Lennart Poettering, Berlin _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
