Overview: How UEFI Secure Boot Works in Linux
tiffybelle.vivaldi.net
Been down the rabbit hole lately of UEFI Secure Boot issues, and decided to write an overview of how it works out-of-the-box in the excellent Debian-based Linux Mint LMDE 6.
Have mostly been researching this stuff as I was looking to replace GRUB entirely with systemd-boot on one of my systems. Will likely write a follow-up piece documenting that journey if I think it'd be interesting to some nerds out there.
You are viewing a single comment
First, I'd personally always opt for systemd-boot instead of GRUB when I have the choice. GRUB is just very complex and systemd-boot rather simple.
Getting Secure Boot to work isn't always trivial, especially since mainboards and TPMs don't always document how enrolling your own keys works.
Hard same. systemd-boot is about as tricky as, say, syslinux (which I used to use) to get working, which is itself far simpler to work with than GRUB ever was.
personally for me, grub beaks when sdax changes but, in systemd boot doesn't. this is my main reason to prefer it. easy access to boot configuration is a plus i guess.
Well, except the Systemd part. Efistub or Refind it is for me.
systemd-boot is basically gummiboot with an interface to systemd so that the latter can get information on boot time in firmware and stuff. I prefer a boot loader instead of Efistub because it allows easier configuration of boot options etc. but it just comes down to personal preference