sd-boot: disable bitlocker reboot feature for now

Conceptually the feature is great and should exist, but in its current
form should be worked to be generic (i.e. not specific to
Windows/Bitlocker, but appliable to any boot entry), not be global (but
be a per-entry thing), not require a BootXXXX entry to exist, and not
check for the BitLocker signature (as TPMs are not just used for
BitLocker).

Since we want to get 251 released, mark it in the documentation, in NEWS
and in code as experimental and make clear it will be reworked in a
future release. Also, make it opt-in to make it less likely people come
to rely on it without reading up on it, and understanding that it will
likely change sooner or later.

Follow-up for: #22043
See: #22390

1 files changed, 5 insertions, 2 deletions

diff --git a/man/loader.conf.xml b/man/loader.conf.xml
index caff44aa1e..e5453c7dcd 100644
--- a/man/loader.conf.xml
+++ b/man/loader.conf.xml
@@ -206,8 +206,11 @@
       <varlistentry>
         <term>reboot-for-bitlocker</term>
 
-        <listitem><para>Work around BitLocker requiring a recovery key when the boot loader was
-        updated (enabled by default).</para>
+        <listitem><para>Caveat: This feature is experimental, and is likely to be changed (or removed in its
+        current form) in a future version of systemd.</para>
+
+        <para>Work around BitLocker requiring a recovery key when the boot loader was
+        updated (disabled by default).</para>
 
         <para>Try to detect BitLocker encrypted drives along with an active TPM. If both are found
         and Windows Boot Manager is selected in the boot menu, set the <literal>BootNext</literal>