
Comment by mattpallissard

7 days ago

Arch user here. These things work much nicer than any of the previous alternatives. Sure, kernel signing is a bit of a mess, but that's more of a product of how key-signing at a low-level works than anything. Cryptsetup, cryptenroll, unified kernel images, and systemd-boot worked for me out of the box.

They very much did not for me. I beat things into shape with sbctl but it was very much an uphill battle.

idk why Arch seems allergic to packaging shim-signed (it's an AUR, why would I trust such a key component to essentially a stranger?), but here we are I guess.

  • The AUR is just a repository of PKGBUILDs. You don't need to trust a stranger to use PKGBUILD.

  • You can inspect the PKGBUILD file very easily. It's the same as alpine's abuild and various other build file formats from distros. Don't just blindly build it.