This is unmaintained. Let's find a new maintainer #7
Description
Hey @ljfranklin @jugalgalaxyz
I just enabled Secure Boot on my device. The cryptboot scripts helped to understand and implement the whole thing. Unfortunately, it seems @xmikos can't/won't maintain the software anymore. I want to discuss some points with you:
-
As this is project is unmaintained and some improvements are outstanding: Let's find a new maintainer. We need to update the Arch Wiki and the AUR package. Are you interested? I can do it if you don't mind.
-
My /etc/crypttab does not contain my crypt device. I don't know why... So
find_crypt_devfails. Does this fail on your site (even if it's not super important)?
Line 4 in 16117e1
-
Regarding the PR Add cryptboot-grub-warning script #5 :
I like the idea, but I have a different proposal: Instead of exiting/usr/local/bin/grub-installwith an error, let's just call/usr/bin/grub-installwith the parameters of/usr/local/bin/grub-installand then callcryptboot-efikeys sign $efi. What do you think about? -
After upgrading GRUB from 2.04 to 2.06 I had to modify the script:
- grub-install --target=x86_64-efi --boot-directory="$BOOT_DIR" --efi-directory="$EFI_DIR" --bootloader-id="$EFI_ID_GRUB"
+ grub-install --target=x86_64-efi --boot-directory="$BOOT_DIR" --efi-directory="$EFI_DIR" --bootloader-id="$EFI_ID_GRUB" --modules="tpm" --disable-shim-lockThe error I got was "error: verification requested but nobody cares: (cryptouuid/myUUID/grub/x86_64-efi/normal.mod.". Have you run into the same issue? Have you used the same workaround? The thing here is: I don't exactly understand the workaround. Maybe you know a little bit more about it.
Some resources for a better understanding:
- https://www.mail-archive.com/[email protected]/msg17008.html
- https://bugs.archlinux.org/task/71382
- https://bbs.archlinux.org/viewtopic.php?id=267944
- archlinux/svntogit-packages@4144617#diff-3e341d2d9c67be01819b25b25d5e53ea3cdf3a38d28846cda85a195eb9b7203a
If you like we can chat on IRC and post a summary here.