
#1 2019-11-21 18:06:56

bbaserdem
Member
Registered: 2017-07-27
Posts: 43

GRUB fails to find the kernel in /boot/efi/EFI/Arch

My use case is that I have LVM on LUKS, and I am using Secure Boot to sign my own kernel. My root file system is btrfs, and I want to use the boot-to-snapshots functionality. Currently I use rEFInd to boot (with which I have no problems booting), but I want to use GRUB to automatically populate boot entries with btrfs snapshots. (There is a package, grub-btrfs, for that.)

Since I use Secure Boot, I am using a package called sbupdate-git to automate signing the kernel. I also multiboot on my computer, so I like having the kernel in the ESP. I mount the ESP on /boot/efi. By default, the Linux kernel is installed in /boot, which is under encryption. After Linux updates, the hook signs and copies the kernel to /boot/efi/EFI/Arch.

Now, when I generate the GRUB config, the only kernel detected is at /boot. Thus the GRUB entries (regular boot and the btrfs snapshot entries) cannot boot to the kernel in /boot, since I use LUKS2 and GRUB cannot decrypt that. Even if it could, the kernel there is not signed, so my Secure Boot would not allow them. I could not find how to tell GRUB not to look for my kernels in /boot, but to look for bootable entries in the /boot/efi/EFI/* directories. How can I accomplish this? I am trying to see if I can edit the /etc/grub.d files for it, but they seem very complex and use a lot of shell functions that are not found from the command line.
