I don’t know enough about the subject of a secure grub to tell you how wrong you are.
If you don’t know, then why don’t you shut up, yeah? I’ve spent 3 weeks researching this, even going as far to read the source of grub. Don’t just assume you’re right without doing any research.
You think you are saying something smart here but I assure you, you couldn’t be more conceited. You are maintaining a patch of grub for a bug that grub has no idea it exists. And you claim not to have time to fix your installation…
I have the time now. Classes are just getting started. But I’ll be busier in the future. Due to the way that arch is setup, this is easier than signing everything, plus I get instant restores.
And it’s not a bug. It’s intended behavior for systems like high value servers where security is valued over all else, to prevent privilege escalation by an attacker exploiting a kernel bug to load more kernel modules or taking advantage of a similar exploit. But for my desktop system, such an attack is not in my threat model.