Talk:Arch boot process

From ArchWiki
Jump to navigation Jump to search

SecureBoot support in the Feature Comparison table

I'd like to add a column describing whether each bootloader can be adapted to work with SecureBoot or not. For example, EFISTUB cannot, since the cmdline is stored in firmware, not signed,and can be altered by an attacker. systemd-boot OTOH, is very easy to sign, and can load bundles with a signed initfs and cmdline. Any objections to this? WhyNotHugo (talk) 17:59, 14 July 2021 (UTC)