Binary package “sicherboot” in ubuntu focal
systemd-boot integration with UEFI secure boot support
sicher*boot manages kernels and systemd-boot on a secure boot
machine. It installs kernels and systemd-boot, generates signing keys to
enroll in the machine, and signs the kernels and the bootloader with it.
.
Keys are generated in /etc/sicherboot
keys are unencrypted in the default configuration, but that can be changed,
see /etc/sicherboot
.
This package diverts the /etc/kernel/
with its own file that calls the diverted one before running sicherboot,
as dracut does not support any form of hooks. dpkg is not entirely happy
with that and asks you if you want to replace a "deleted" dracut conffile -
answer yes.