| 24 Jan 2022 |
 Zhaofeng Li | Yeah, that's what you want to use | 22:40:16 |
| Zhaofeng Li | You can still dual-boot Windows, just allow Microsoft's certificates in your db | 22:41:29 |
| Zhaofeng Li | Found it: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Dual_booting_with_other_operating_systems | 22:42:16 |
 colemickens | Hrmph, now I feel like I wasted my time with the shim, but this would require figuring out signing :s | 22:42:19 |
| Zhaofeng Li | It's actually pretty simple after you generate all the keys and enroll them in your BIOS | 22:43:13 |
| Zhaofeng Li | Everything else can be done from the OS | 22:43:30 |
| colemickens | I just assume people are signing outside the store or doing some sandboxing trick to get to the private key or something. I've always avoided that, but maybe it's not a huge deal. | 22:44:10 |
| Zhaofeng Li | In reply to @zhaofeng:zhaofeng.li
You can get actual Secure Boot signing working with https://github.com/frogamic/nix-machines/tree/main/modules/systemd-secure-boot The module here automatically creates a unified kernel image (kernel + initrd) for each generation and signs them | 22:45:10 |
| Zhaofeng Li | And the end-user experience is seamless | 22:45:23 |
| colemickens | Oh, right, it just takes a path to the key. | 22:45:40 |
| colemickens | Huh, why was I over thinking this. | 22:45:46 |
| colemickens | Neato. | 22:45:49 |
| colemickens | Thanks a bunch Zhaofeng Li , I'll have to spend another weekend day trying to do this the right way then! | 22:47:21 |
| 31 Jan 2022 |
|  bernardo changed their profile picture. | 11:49:42 |
| 2 Feb 2022 |
|  Chinchilla Washington changed their display name from CoilWinder (novus ordo seclorum) to Chuck Winter. | 08:37:03 |
| 3 Feb 2022 |
|  lvkm joined the room. | 08:49:27 |
|  lewo joined the room. | 21:47:17 |
