|
|
@@ -0,0 +1,29 @@
|
|
|
+# sbctl
|
|
|
+
|
|
|
+> A user-friendly secure boot key manager.
|
|
|
+> Note: not enrolling Microsoft's certificates can brick your system. See <https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom>.
|
|
|
+> More information: <https://github.com/Foxboron/sbctl#usage>.
|
|
|
+
|
|
|
+- Show the current secure boot status:
|
|
|
+
|
|
|
+`sbctl status`
|
|
|
+
|
|
|
+- Create custom secure boot keys (everything is stored in `/usr/share/secureboot`):
|
|
|
+
|
|
|
+`sbctl create-keys`
|
|
|
+
|
|
|
+- Enroll the custom secure boot keys and Microsoft's UEFI vendor certificates:
|
|
|
+
|
|
|
+`sbctl enroll-keys --microsoft`
|
|
|
+
|
|
|
+- Sign an EFI binary with the created key and save the file to the database:
|
|
|
+
|
|
|
+`sbctl sign {{-s|--save}} {{path/to/efi_binary}}`
|
|
|
+
|
|
|
+- Re-sign all the saved files:
|
|
|
+
|
|
|
+`sbctl sign-all`
|
|
|
+
|
|
|
+- Verify that all EFI executables on the EFI system partition have been signed:
|
|
|
+
|
|
|
+`sbctl verify`
|
Lena