boltd in initrd
Assuming one wants to disable Support During Pre-Boot Environment (including pre-boot ACL) but wants to use authorized docks at the password prompt window when unlocking the disk, how could we do that?
An idea is to embedded bolt into initrd, however, the daemon always falls in on_name_lost callback. I am not familiar with dbus, but my attempts to have it and policykit in initrd just failed. Even if they work, this solution may become too heavy for initrd.
I made tests with thunderbolt-tools and it worked just fine. How would be a proper way to have a lighter version of boltd so we can put it in initrd? The database would be synchronized through a EFI variable, so we would keep a static initrd and do not mess with secure boot.