Systemd-boot + dracut + UKI + secure boot

hi there,
can someone create an HowTo so as to set a ‘systemd-boot + secure boot + UKI + dracut’ system.

is it better to do it during the Eos system installation or after it?

ps: secure boot is optional

The installer can do systemd-boot + dracut out of the box.

If you want to use a UKI-specifically, I would advise skipping the bootloader installation in the installer and installing your own setup.

That being said, if you don’t care about secure boot, is there a reason you want a UKI?

i said > secure boot is optional

in case it can cause some issues during the bootloader installation.

I would advise skipping the bootloader installation

why ? it’s complicated or not 100% operational?

Because otherwise you will either install grub or our systemd-boot automation.

You don’t want grub and our systemd-boot automation doesn’t produce a UKI.

So if you have a requirement for a UKI, you will need to remove it all anyway and then clean up.

Basically, if you want a UKI, you are going to have build your own hooks/automation to handle that.

ok nice, that is what i would wanted to read.

i have no specific requirements and i’m using sd-boot + dracut now.
i 'm just boring to see my kernel tainted.

and configure tools like UKI + secureBoot which will in the near future be as normal as Systemd / Systemd-boot / dracut…

Do you think you will soon include an option for a standard installation of UKI+Secure Boot?

regarding my current one I will proceed as you recommend (direction archlinux wiki)


It is likely that we wouldn’t support it until Arch starts providing secure-boot support without the need to enroll your own keys.

the need to enroll your own keys

please tell me can we use an gpg key as secure-boot key ?