Hi, I just switched from arch to fedora silverblue. I have secure boot enabled with factory keys (microsoft). How can I sign bootloader and kernel and other stuff with my own keys using something like sbctl? Is this even possible using Fedora Silverblue?
Thank you :)
I’m not very well-versed into all of this, but if what you’re referring to is technically known as Unified Kernel Image, then you should know that unfortunately it’s currently not supported on systems that rely on
ostree; thus unsupported on Silverblue. A lot of work has been gone into this over the last year, but I’m afraid we’re still (at least) two major releases removed from proper UKI support. For regular Fedora, consider referring to this excellent guide.[This comment has been deleted by an automated system]
