Morten Linderud
Morten Linderud
It was part of my long-term plan but I didn't want the config stuff to drag on forever so limited it to only a single file for the first iteration...
This is a secure boot tool, encrypting `/boot` is completely meaningless in the context of this. This isn't going to be implemented and even figuring out you have setups like...
> Huh? Simply running sbctl bundle [...] /boot/efi/EFI/foo.efi completely compromises encryption on vanilla, unmodified installs of some common distros, how is that completely meaningless? Ok, which distros? They should not...
and again, encrypting `/boot` when utilizing Secure Boot is meaningless. The "enter your password twice" problem should not exist in this context.
It might be a bug in the `go-tpm` library? It's a bit hard to debug without the appropriate hardware honestly. So would probably need to instrument a binary with some...
I don't run Fedora Silverblue and similar distros. If you can tell me what is needed to support them I'll write the code to support it at some point.
I don't know how ostree works. It sounds like some form of packaging issue?
Cool, thanks! I'll close this issue then :)
@anatol Could you merge this and get it into a release? I plan to write up `kernel-install` support for Arch Linux at some point in the future.
@anatol Thanks!