Morten Linderud
Morten Linderud
I realized I might not even correctly remember the contraints we are working with :/ I really need to get back into hacking on all of this.
It should. I went the easy route with `sbkeysync` since it doesn't use `/etc`. I have mostly put this off until I can replace `sbsigntools` with the go code and...
I'm confused! I *thought* sbkeysync didn't use /etc, but that is because I think we have been discussing another directory. But yes, please make a pull-request for the change :)
I did :) I need to just check it and verify it works properly, but work and other projects so won't have time before the weekend! Thanks for your patience
So my current plan is to have a layout that looks like this: * `/etc/sbctl/sbctl.conf` * `/var/lib/sbctl/keys/` * `/var/lib/sbctl/state.json` * `/var/lib/sbctl/files.json` * `/var/lib/sbctl/bundles.json` Should also be provided with a `sbctl...
@igo95862 >Maybe also post a warning when updating? Or even post on Arch news? Arch news posts isn't for upstreams breaking stuff :smile: > I'd rather this be /var/lib/secureboot/keys/. >...
>An issue I come across with sbctl, is that files.db has two types of data: the settings for the file I want to sign (configuration), and the last signed checksum...
They are intentionally not created. I'm more curious to figure out why `sbctl enroll-keys` doesn't work? Have you enabled usermode properly?
Did you `chattr -i` the files?
Output of `lsattr /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f && hexdump -C /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f`