Why is systemd-boot not signed at the moment? The package info reads:
This package contains the unsigned version. Install systemd-boot instead to get
the version that works with Secure Boot.
But there isn’t really a systemd-boot package.
If I understand correctly, to use sd-boot with Secure Boot, the only missing piece is just signing sd-boot with the Fedora key[1], which a user can’t do.
The alternative is ripping out the entire Secure Boot key chain, replacing it with your own, and signing sd-boot and kernel etc. with your key[2][3], which is just too much for me atm…
Found this[1]. Seems to be a backend overhaul.
Though I don’t quite get why not just sign it the same way as grub, then improve backend and update it later. It already took 2 years…