Comments (3)
Hello again 😁
First of all, many thanks for the very detailed report!
I think your suspicion is entirely correct, it looks like the missing Operation = Install
is indeed to blame.
Re-reading the docs again:
Operation = Install|Upgrade|Remove
Select the type of operation to match targets against. May be specified multiple times. >>>Installations are considered an upgrade if the package >or file< is already present on the system<<< regardless of whether the new package version is actually greater than the currently installed version
If we now look at the package contents of linux-hardened
(or any other kernel for that matter), the file is being created in a new versioned directory every time:
usr/lib/modules/6.5.9-hardened1-1-hardened/vmlinuz
So by this logic, kernel upgrade would always trigger Install
operation, not Upgrade
.
Would you like to do the honors of re-introducing Operation = Install
? You deserve the full credit here 🙂
As we talked in #19, the only downside I think is that the initial installation would fire Error: Secure Boot keys are not generated yet
error, but I think it's acceptable price.
from arch-secure-boot.
Sure I can submit a PR. What about Target = usr/lib/systemd/systemd
do you think it's worth adding ?
EDIT: do you want me to create a separate hook for Target = usr/bin/arch-secure-boot
so that it can be Operation = Upgrade
only and prevent the error you are mentioning ?
from arch-secure-boot.
I'm not sure about usr/lib/systemd/systemd
itself, but perhaps usr/lib/systemd/boot/efi/linuxx64.efi.stub
, since we use it in generating efi files? I don't know how usr/lib/systemd/systemd
itself plays a role in efi files, what changes when that binary gets updated...
I think lets avoid a separate hook for now, keep it simple. If nothing else, it is a message to user that they must do something after installation of arch-secure-boot
😅
from arch-secure-boot.
Related Issues (15)
- Allow to set ucode HOT 1
- Confusing name of LTS image when using hardened kernel HOT 4
- generate-efi : only sign what has been updated HOT 4
- Does this must require linux-lts? HOT 7
- systemd 254-1 makes generate-efi create a corrupt efi HOT 7
- generate-efi not triggered when arch-secure-boot is updated HOT 5
- What's your backup strategy ? HOT 4
- How to add nvidia-drm.modeset=1 HOT 19
- Does the tool support booting read-only snapshots in overlayfs mode? HOT 4
- Kernels/modules versions consistency to boot from snapshots and BTRFS subvolume layout HOT 7
- sbctl error: couldn't access /usr/share/secureboot/keys/db/db.pem: no such file or directory HOT 6
- Suggestions and thank you ! HOT 11
- initial-setup failed with "cat: '/boot/*-ucode.img': No such file or directory" HOT 2
- Dual boot system with windows HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from arch-secure-boot.