julian-klode / sicherboot

Licence: other
Unmaintained systemd-boot integration with secure boot support; consider https://github.com/Foxboron/sbctl instead.

systemd Secure boot integration

sicherboot automatically installs systemd-boot and kernels for it into the ESP, signed with keys generated by it.

SECURITY

The signing keys are stored unencrypted and are protected only by file system permissions. You should therefore make sure that the file system they are stored in (usually /etc) is encrypted.
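
The two conditions in this warning can be audited with a short script. This is an added example, not part of sicherboot: the key directory is passed as an argument because this page does not name it, the function names are hypothetical, and only dm-crypt/LUKS backing is detected (file-level or ZFS native encryption is not).

```shell
#!/bin/sh
# Added example: audit where Secure Boot signing keys are stored.
# Usage: sh audit-keys.sh KEY_DIR   (KEY_DIR is an assumption; use your own path)

# Print "MODE PATH" for every regular file under $1 that grants any
# permission bit to group or others. Returns 1 if such a file exists.
loose_key_files() {
    # stat prints the octal mode as digits; the last two digits are the
    # group and other bits, so a non-zero remainder mod 100 means they are set.
    out=$(find "$1" -type f -exec stat -c '%a %n' {} + |
          awk '($1 % 100) != 0')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Read lsblk TYPE values (one per line) on stdin and succeed if one of
# the layers in the device stack is a dm-crypt mapping.
has_crypt_layer() {
    grep -qw 'crypt'
}

# Succeed if the file system holding $1 sits on top of dm-crypt.
key_dir_on_dmcrypt() {
    src=$(findmnt -n -o SOURCE --target "$1") || return 2
    src=${src%%\[*}                 # drop a btrfs "[/subvol]" suffix
    # -s walks from the device down to the physical disk
    lsblk -n -s -o TYPE "$src" | has_crypt_layer
}

# Run the audit only when a directory was given on the command line.
if [ "$#" -ge 1 ]; then
    [ -d "$1" ] || { echo "no such directory: $1" >&2; exit 2; }
    status=0
    loose_key_files "$1" || {
        echo "WARN: the files above are accessible beyond their owner"
        status=1
    }
    key_dir_on_dmcrypt "$1" || {
        echo "WARN: $1 is not backed by a dm-crypt device"
        status=1
    }
    exit "$status"
fi
```

A non-zero exit status means at least one of the two conditions failed, which makes the script usable from a configuration-management or monitoring check.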

Setup

After installing sicherboot, you can adjust a number of settings in /etc/sicherboot.conf and should set a kernel command line in /etc/kernel/cmdline.

Then run

sicherboot setup

to get started.

Limitations

  • Kernels and initramfs images must be named /boot/vmlinuz-<ver> and /boot/initrd.img-<ver>
  • Only a single ESP is supported.

Integrating with your package management

You want to run:

  • sicherboot bootctl update
    • whenever systemd is upgraded or installed
  • sicherboot install-kernel <ver>
    • when the kernel is installed and the initramfs was built
  • sicherboot remove-kernel <ver>
    • when the kernel shall be removed

As an example, kernel and initramfs contain integration with /etc/kernel and initramfs-tools. Install one of the kernel postinst.d scripts - the dracut one exists for dracut systems as a workaround for dracut not supporting hooks.
