Morten Linderud

Which is why I have started mocking up the following section in the manpage :) Generally speaking the sbctl hook should run after the bootloader install so I don't think...

Right, I missed the first sentence. It's still not going to break any Arch install however. https://github.com/archlinux/svntogit-packages/blob/packages/systemd/trunk/PKGBUILD#L221-L222 I need to think a bit how to solve this.

Generally I think this change and approach is fine. I need to figure out how this should interact with the general `OpROM` warning, but I can do that in a...

Weird, could you upload the file somewhere? Generally you can delete it and run `mkinitcpio -P && sbctl sign-all` and it should be fine.

Does this still happen if you re-create the files? If it does happen please give me a copy of the unsigned file. Currently it seems to me that the file...

I looked over the code and was a bit unsure if adding a dependency for this was needed indeed. I'd be comfortable with just having that function in the code...

I'd use an SPDX header with a license, and link to the code repo along with any copyright info.

They are, so we can use `goefi` to actually validate the signature then remove it and apply it properly :) https://paste.xinu.at/8BFRYyloBkeFQzHfQ/ I also need to write up some better support...

And now `efianalyze` can read the signed siglist :) https://github.com/Foxboron/goefi/commit/51986df877a4a3f81fbee79933fbb91eb31ee1cf

If you enroll with Microsoft certificates you can just use `dbxtools` to update the list manually. I'd assume enabling the testing feature from fwupd works as well but I haven't...