Been down the rabbit hole lately of UEFI Secure Boot issues, and decided to write an overview of how it works out-of-the-box in the excellent Debian-based Linux Mint LMDE 6.
Have mostly been researching this stuff as I was looking to replace GRUB entirely with systemd-boot on one of my systems. Will likely write a follow-up piece documenting that journey if I think it’d be interesting to some nerds out there.
Booting the kernel directly via EFIStub from the firmware is certainly an interesting idea, although it sounds like a potential pain to manage updates. Will definitely take a look down that rabbit hole though. =)
I’ve been working on a tool to make management of EFI boot entries easier, specifically with the use case of booting Linux in mind.
https://github.com/cbarrick/efiboot
I haven’t made a public release yet though… I really should.
At this point it’s pretty well battle tested.
https://wiki.archlinux.org/title/EFISTUB