Hi, I just switched from arch to fedora silverblue. I have secure boot enabled with factory keys (microsoft). How can I sign bootloader and kernel and other stuff with my own keys using something like sbctl? Is this even possible using Fedora Silverblue?
Thank you :)
Signing thr bootloader doesn’t necessarily mean that you have to use UKIs, though they do provide additional security. I believe the Silverblue people intend to use them as a solution to the challenges that come with Silverblue and custom signatures, but on a technical level the files in /efi should still be mutable and therefore signable.