Been down the rabbit hole lately of UEFI Secure Boot issues, and decided to write an overview of how it works out-of-the-box in the excellent Debian-based Linux Mint LMDE 6.
Have mostly been researching this stuff as I was looking to replace GRUB entirely with systemd-boot on one of my systems. Will likely write a follow-up piece documenting that journey if I think it’d be interesting to some nerds out there.
If you want to experiment with UEFI you don’t need systemd-boot either, just create an efi bootable kernel and direct boot it. reFind is still around I think too for graphical boot (although that’s mainly used by macs… apple users like guis :p).
Booting the kernel directly via EFIStub from the firmware is certainly an interesting idea, although it sounds like a potential pain to manage updates. Will definitely take a look down that rabbit hole though. =)
At this point it’s pretty well battle tested.
https://wiki.archlinux.org/title/EFISTUB
I’ve been working on a tool to make management of EFI boot entries easier, specifically with the use case of booting Linux in mind.
https://github.com/cbarrick/efiboot
I haven’t made a public release yet though… I really should.
rEFInd is finally a reasonable boot loader. It and ventoy might finally make dual boot Linux + windows viable
Isn’t Ventoy used to boot images like ISOs?