Should /var/lib/sbctl be used in place of /etc/secureboot ? #416

matdibu · 2024-12-14T10:01:11Z

I got this warning while using sbctl on a system with lanzaboote

old configuration detected. Please use `sbctl setup --migrate`

and while trying to migrate, I borked it

I found this while trying to understand what it means:

The text was updated successfully, but these errors were encountered:

RaitoBezarius · 2024-12-14T13:28:06Z

Yes, since the newest version of sbctl, we should release a new version of lanzaboote that makes use of the newer directory and migrate the users.

matdibu · 2024-12-14T15:47:15Z

so simply setting

boot.lanzaboote.pkiBundle = "/var/lib/sbctl";

isn't enough?

matdibu · 2024-12-14T17:53:27Z

I messed up some unrelated things while changing the config, but in the end it seems to work fine with that pkiBundle path

matdibu · 2024-12-16T09:55:33Z

as a note: I'm pretty sure the migration failed because I am using impermanence, so /etc/secureboot was a mount, so it couldn't unlink it

Arbel-arad · 2024-12-16T23:05:16Z

so simply setting
boot.lanzaboote.pkiBundle = "/var/lib/sbctl";
isn't enough?

this worked for me with a normal filesystem.
migration worked fine as well.

after looking at it, maybe backing up the pkiBundle is a good idea......

Provide feedback