secure-boot
UEFI SecureBoot for ArchLinux
https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_sbkeysync
sbkeysync, part of sbsigntools, is a tool to enroll the keys automatically. Alas, it assumes its own directory structure for the keys and certificates a bit different than what...
`efi-updatevar` can do it. Preliminary support in 889cc7a
Investigate the possibility of storing the private keys in a smart-card. `sbsign` doesn't support that for now. Do we need all of the private keys in a smart-card or the...
Thanks for a well-written script to manage secure boot on Arch. It helped me a lot to set up on my own computer. One potential issue I noticed is that...
`kernel-install`: https://www.freedesktop.org/software/systemd/man/kernel-install.html Currently this tool runs on kernel package updates, but it needs to run when `/boot/initramfs-*` is updated too (which can happen at random times). If Arch would move...
The keys in /etc/secure-boot/*.key should be protected, maybe moved on an automount USB or protected with a passphrase. For the second option that would interfere with automatically running the post-install...