Project ID: 55247
This repo contains two packages:
sbctl- A command line application for creating and enrolling UEFI secure boot keys and signing UEFI executables.
dracut-config-efistub- A kernel install hook and dracut configuration for creating a UKI (unified kernel image) images.
Follow the upstream instructions for information on how to create and enroll UEFI secure boot keys.
When a file signing configuration is saved to sbctl's database with
sbctl sign -s /usr/lib/systemd/boot/efi/systemd-bootx64.efi
then the file will be resigned when the EFI executable is updated due to a package update. This is done via an RPM file trigger, which runs when an
.efi file in
/usr/libexec is updated.
Once installed, dracut will create/remove UKI images in
<ESP>/EFI/Linux/ when a kernel package is installed/updated/removed. This is done by adding a new kernel install hook that executes
dracut --uefi (as opposed to the plain old
dracut command used for generating initramfs images). This package does not replace the default dracut behavior. This means both initramfs and UKI images will be generated when the kernel is updated.
Note: It is necessary to manually create
/etc/kernel/cmdline with the desired kernel command line (eg. with the contents of
/proc/cmdline on the running system) or else the UKIs will not be bootable. After that file is updated, run:
sudo dracut -vf --uefi --regenerate-all
to regenerate the UKIs. If
sbctl is also installed, run:
sudo sbctl sign-all
to sign the newly generated UKIs.
The following unofficial repositories are provided as-is by owner of this project. Contact the owner directly for bugs or issues (IE: not bugzilla).
|Fedora 35||x86_64 (8)*||Fedora 35 (0 downloads)|
|Fedora 36||x86_64 (33)*||Fedora 36 (0 downloads)|
|Fedora 37||x86_64 (157)*||Fedora 37 (57 downloads)|
|Fedora 38||x86_64 (87)*||Fedora 38 (23 downloads)|
|Fedora rawhide||x86_64 (14)*||Fedora rawhide (28 downloads)|
* Total number of packages downloaded in the last seven days.