Ubuntu systems support Secure Boot using GRUB. GRUB contains many parsers for file systems and other formats, and these parsers are a constant source of security issues.
In 26.10, we’d like to propose removing the following features from signed GRUB builds:
Filesystems: remove btrfs, hfsplus, xfs, zfs; retain ext4, fat, iso9660 (and squashfs for snaps).
Image formats: remove jpeg, png; retain none. We do not use images, and using them in a local grub.cfg is a massive security risk (if it is even still allowed).
Partition tables: remove part_apple; retain part_gpt and part_msdos.
Support for LVM
Support for md-raid, except raid1
Support for LUKS-encrypted disks
In effect, systems must boot with /boot on a raw ext4 partition (whether separate or part of /), on GPT or MBR disks.
This means, for example, that an encrypted system must use an ext4 /boot partition; it is no longer possible to encrypt the /boot partition. Likewise, a system on ZFS, XFS, or BTRFS must use an ext4 /boot partition.
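One way to check an existing machine against these constraints, as an added example that is not part of the proposal or of Ubuntu's tooling: the function below takes the /boot filesystem type as findmnt reports it, plus the partition table type and device-stack types as lsblk reports them, and flags anything the signed GRUB would no longer read. The function names, messages and sample layout are constructed for illustration, and accepting only ext4 for /boot follows the wording above.

```shell
#!/bin/sh
# check_boot_layout FSTYPE PTTYPE "TYPE ..." : FSTYPE as printed by findmnt,
# PTTYPE and the device-stack TYPEs as printed by lsblk. Prints findings and
# returns 0 when /boot only needs features the proposal retains.
check_boot_layout() {
    fstype=$1 pttype=$2 stack=$3 rc=0
    if [ "$fstype" != ext4 ]; then
        echo "FAIL: /boot filesystem is '$fstype', expected ext4"; rc=1
    fi
    case $pttype in
        gpt|dos) ;;   # GPT and MBR partition tables are retained
        *) echo "FAIL: partition table '$pttype' is neither GPT nor MBR"; rc=1 ;;
    esac
    for t in $stack; do
        case $t in
            part|disk|raid1) ;;   # raw partition, or md raid1 (retained)
            lvm)   echo "FAIL: /boot is on LVM"; rc=1 ;;
            crypt) echo "FAIL: /boot is on an encrypted (dm-crypt/LUKS) device"; rc=1 ;;
            raid*) echo "FAIL: /boot is on md $t; only raid1 is retained"; rc=1 ;;
            *)     echo "WARN: unrecognised device type '$t'" ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK: /boot needs only retained GRUB features"
    return "$rc"
}

# Gather the same three inputs from the running system (util-linux tools).
check_live_boot() {
    src=$(findmnt -n -o SOURCE -T /boot) || return 2
    src=${src%%\[*}   # strip a btrfs "[/subvolume]" suffix
    fs=$(findmnt -n -o FSTYPE -T /boot)
    pt=$(lsblk -s -l -n -o PTTYPE "$src" 2>/dev/null | grep -m1 .)
    types=$(lsblk -s -l -n -o TYPE "$src" 2>/dev/null | tr '\n' ' ')
    check_boot_layout "$fs" "$pt" "$types"
}

if [ "${1:-}" = "--live" ]; then
    check_live_boot
else
    # Constructed sample: ext4 /boot inside LVM on LUKS on a GPT disk.
    check_boot_layout ext4 gpt "lvm crypt part disk" || true
fi
```

Run it with --live to inspect the machine it is executed on; without arguments it only evaluates the constructed sample.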