sbctl
sbctl copied to clipboard
Foxboron
:computer: :lock: :key: Secure Boot key manager
Issues should demand people attach the following outputs: * `sudo sbctl status` * `sudo hexdump -C /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c` And we should preferably implement `sudo sbctl debug` as a hidden command so...
This is required before moving files from `/usr` into their proper locations. See: https://github.com/Foxboron/sbctl/issues/57
> /usr is the second major section of the filesystem. /usr is shareable, read-only data. That means that /usr should be shareable between various FHS-compliant hosts and must not be...
Generating a new bundle with an unmounted ESP would crash trying to find one, even if one was explicitly specified. This was due to Bundle instances always being created with...
Heftig is probably adding support for loading UEFI keys into the Linux keyring when secure boot is enabled. This allows us to use the db key for kernel module signing...
it would be cool to load the lists into `dbx`. https://uefi.org/revocationlistfile
I'm trying to use `sbctl` on Void linux, but it appears I'm not mounting the efivars correctly. Could you please point out the correct way to do it, without relying...
When updating my system with `yay` today I got the error `couldn't parse signature: WINCertificate revision should be 200, but is 0. Malformed or invalid: could not parse struct`. It...
With the systemd 250 approach of placing a signed copy of the boot loader at `/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed` for `bootctl update` to install (see #111) it's rather inconvenient that `zz-sbctl.hook` runs last,...
