Comment by yjftsjthsd-h

8 days ago

> The difficulty was bitlocker: my approach was a UKI with a small kernel and a few binaries to open the bitlocker volume and kexec the bigger kernel.

Why not do that from the initramfs with the real kernel? I'm pretty sure that's how it works on a normal encrypted root Linux install.

I wanted to limit the space needed on the EFI, and keep as much as possible on the Windows partition because there's also the question of where the bitlocker key would go.

With something like a chainloader using a special part of the NTFS partition posing as bad blocks, Windows could "remove" this access easily, without having to touch the EFI partition or the boot variables.