Hi, I just switched from arch to fedora silverblue. I have secure boot enabled with factory keys (microsoft). How can I sign bootloader and kernel and other stuff with my own keys using something like sbctl? Is this even possible using Fedora Silverblue?

Thank you :)

  • @throwawayish@lemmy.ml
    link
    fedilink
    51 year ago

    I’m not very well-versed into all of this, but if what you’re referring to is technically known as Unified Kernel Image, then you should know that unfortunately it’s currently not supported on systems that rely on ostree; thus unsupported on Silverblue. A lot of work has been gone into this over the last year, but I’m afraid we’re still (at least) two major releases removed from proper UKI support. For regular Fedora, consider referring to this excellent guide.