Foxboron / Sbctl

Licence: MIT
💻 Secure Boot key manager

Programming Languages

Go

sbctl - Secure Boot Manager

Build Status

The goal of the project is to have one consistent UI to manage secure boot keys.

Features

  • Manages secure boot keys
  • Live enrollment of secure boot keys
  • Signing database to help keep track of files to sign
  • Verify the ESP for files missing signatures
  • EFI stub generation

Roadmap

  • Convert to use goefi instead of relying on sbsigntools
  • Key rotation
  • Customize keys
  • Secure the keys

Support and development channel

#sbctl on the freenode IRC network.

Usage

$ sbctl
Secure Boot key manager

Usage:
  sbctl [command]

Available Commands:
  bundle           Bundle the needed files for an EFI stub image
  create-keys      Create a set of secure boot signing keys
  enroll-keys      Enroll the current keys to EFI
  generate-bundles Generate all EFI stub bundles
  help             Help about any command
  list-bundles     List stored bundles
  list-files       List enrolled files
  remove-bundle    Remove bundle from database
  remove-file      Remove file from database
  sign             Sign a file with secure boot keys
  sign-all         Sign all enrolled files with secure boot keys
  status           Show current boot status
  verify           Find and check if files in the ESP are signed or not

Flags:
  -h, --help   help for sbctl

Use "sbctl [command] --help" for more information about a command.

Key creation and enrollment

# sbctl status
==> WARNING: Setup Mode: Enabled
==> WARNING: Secure Boot: Disabled

# sbctl create-keys
==> Creating secure boot keys...
  -> Using UUID d6e9af79-c6b5-4b43-b893-dbb7e6570142...
==> Signing /usr/share/secureboot/keys/PK/PK.der.esl with /usr/share/secureboot/keys/PK/PK.key...
==> Signing /usr/share/secureboot/keys/KEK/KEK.der.esl with /usr/share/secureboot/keys/PK/PK.key...
==> Signing /usr/share/secureboot/keys/db/db.der.esl with /usr/share/secureboot/keys/KEK/KEK.key...

# sbctl enroll-keys
==> Syncing /usr/share/secureboot/keys to EFI variables...
==> Synced keys!

# sbctl status
==> Setup Mode: Disabled
==> WARNING: Secure Boot: Disabled

// Reboot!
# sbctl status
==> Setup Mode: Disabled
==> Secure Boot: Enabled

Signatures

# sbctl verify
==> Verifying file database and EFI images in /efi...
  -> WARNING: /boot/vmlinuz-linux is not signed
  -> WARNING: /efi/EFI/BOOT/BOOTX64.EFI is not signed
  -> WARNING: /efi/EFI/BOOT/KeyTool-signed.efi is not signed
  -> WARNING: /efi/EFI/Linux/linux-linux.efi is not signed
  -> WARNING: /efi/EFI/arch/fwupdx64.efi is not signed
  -> WARNING: /efi/EFI/systemd/systemd-bootx64.efi is not signed

# sbctl sign -s /efi/EFI/BOOT/BOOTX64.EFI
==> Signing /efi/EFI/BOOT/BOOTX64.EFI...

# sbctl sign -s /efi/EFI/arch/fwupdx64.efi
==> Signing /efi/EFI/arch/fwupdx64.efi...

# sbctl sign -s /efi/EFI/systemd/systemd-bootx64.efi
==> Signing /efi/EFI/systemd/systemd-bootx64.efi...

# sbctl sign -s /usr/lib/fwupd/efi/fwupdx64.efi -o /usr/lib/fwupd/efi/fwupdx64.efi.signed
==> Signing /usr/lib/fwupd/efi/fwupdx64.efi...

# sbctl verify
==> Verifying file database and EFI images in /efi...
  -> /usr/lib/fwupd/efi/fwupdx64.efi.signed is signed
  -> /efi/EFI/BOOT/BOOTX64.EFI is signed
  -> /efi/EFI/arch/fwupdx64.efi is signed
  -> /efi/EFI/systemd/systemd-bootx64.efi is signed
  -> WARNING: /boot/vmlinuz-linux is not signed
  -> WARNING: /efi/EFI/BOOT/KeyTool-signed.efi is not signed
  -> WARNING: /efi/EFI/Linux/linux-linux.efi is not signed

# sbctl list-files
==> File: /efi/EFI/BOOT/BOOTX64.EFI
==> File: /efi/EFI/arch/fwupdx64.efi
==> File: /efi/EFI/systemd/systemd-bootx64.efi
==> File: /efi/vmlinuz-linux
==> File: /usr/lib/fwupd/efi/fwupdx64.efi
  -> Output: /usr/lib/fwupd/efi/fwupdx64.efi.signed
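
As an added example (not part of sbctl or its README), the shell functions below parse `sbctl verify` output in the format shown above and fail unless every boot file you name is reported as signed, a useful check before Secure Boot is switched on in firmware. The function names, the sample report and the choice of required paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gate on `sbctl verify` output as printed on this page.
# Function names and the sample report are constructed for illustration.

# Paths reported as "is not signed", one per line (reads the report on stdin).
unsigned_files() {
    sed -n 's/^[[:space:]]*-> WARNING: \(.*\) is not signed$/\1/p'
}

# Paths reported as "is signed", one per line (reads the report on stdin).
signed_files() {
    sed -n 's/^[[:space:]]*-> \(.*\) is signed$/\1/p'
}

# check_required PATH...   (report on stdin)
# Succeeds only if every PATH is listed as signed. A path that is unsigned
# or absent from the report fails closed.
check_required() {
    report=$(cat)
    rc=0
    for path in "$@"; do
        if ! printf '%s\n' "$report" | signed_files | grep -Fxq -- "$path"; then
            echo "not verified as signed: $path" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the second `sbctl verify` run from the page.
sample_report() {
    cat <<'EOF'
==> Verifying file database and EFI images in /efi...
  -> /usr/lib/fwupd/efi/fwupdx64.efi.signed is signed
  -> /efi/EFI/BOOT/BOOTX64.EFI is signed
  -> /efi/EFI/arch/fwupdx64.efi is signed
  -> /efi/EFI/systemd/systemd-bootx64.efi is signed
  -> WARNING: /boot/vmlinuz-linux is not signed
  -> WARNING: /efi/EFI/BOOT/KeyTool-signed.efi is not signed
  -> WARNING: /efi/EFI/Linux/linux-linux.efi is not signed
EOF
}

# Demo on the sample: list what is still unsigned.
sample_report | unsigned_files
```

On a live system, pipe the real command in, for example `sbctl verify | check_required /efi/EFI/systemd/systemd-bootx64.efi /efi/EFI/Linux/linux-linux.efi`.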

Generate EFI Stub

# sbctl bundle -s -i /boot/intel-ucode.img \
      -l /usr/share/systemd/bootctl/splash-arch.bmp \
      -k /boot/vmlinuz-linux \
      -f /boot/initramfs-linux.img \
      /boot/EFI/Linux/linux-linux.efi
==> Wrote EFI bundle /boot/EFI/Linux/linux-linux.efi
==> Bundle: /boot/EFI/Linux/linux-linux.efi
  -> Intel Microcode: /boot/intel-ucode.img
  -> Kernel Image: /boot/vmlinuz-linux
  -> Initramfs Image: /boot/initramfs-linux.img
  -> Cmdline: /proc/cmdline
  -> OS Release: /usr/lib/os-release
  -> EFI Stub Image: /usr/lib/systemd/boot/efi/linuxx64.efi.stub
  -> ESP Location: /efi
  -> Splash Image: /usr/share/systemd/bootctl/splash-arch.bmp
  -> Output: /boot/EFI/Linux/linux-linux.efi

# sbctl list-bundles
==> Bundle: /boot/EFI/Linux/linux-linux.efi
  -> Intel Microcode: /boot/intel-ucode.img
  -> Kernel Image: /boot/vmlinuz-linux
  -> Initramfs Image: /boot/initramfs-linux.img
  -> Cmdline: /proc/cmdline
  -> OS Release: /usr/lib/os-release
  -> EFI Stub Image: /usr/lib/systemd/boot/efi/linuxx64.efi.stub
  -> ESP Location: /efi
  -> Splash Image: /usr/share/systemd/bootctl/splash-arch.bmp
  -> Output: /boot/EFI/Linux/linux-linux.efi

# sbctl generate-bundles
==> Generating EFI bundles....
==> Wrote EFI bundle /boot/EFI/Linux/linux-linux.efi