[Tails-dev] Siging tails binaries yourself in a custom secur…

Delete this message

Reply to this message
Author: availmon
Date:  
To: tails-dev@boum.org
Subject: [Tails-dev] Siging tails binaries yourself in a custom secureboot environment
Hey all,

I'm really unsure if this is the right place for this question, but it didn't fit in any other categories. Feel free to point me in the right direction if this is the wrong place.

So, I want to sign tails with my own keys since I have enrolled my own secure boot keys. I signed /live/vmlinuz and /EFI/BOOT/BOOTX64.EFI and ../GRUBX64.EFI. Upon starting tails, it tells me that something has gone wrong with shim-lock. I know that tails uses shim to work with microsoft-keyed secureboot environments out-of-the-box, but I would prefer just signing tails and not fiddling around with shim.

Can I skip shim so that GRUB/syslinux directly boots? (-> maybe as a second EFI entry?).

Huge thanks in advance,

Availmon