# sbctl

> A user-friendly secure boot key manager.
> Note: not enrolling Microsoft's certificates can brick your system. See <https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom>.
> More information: <https://github.com/Foxboron/sbctl#usage>.

- Show the current secure boot status:

`sbctl status`

- Create custom secure boot keys (everything is stored in `/usr/share/secureboot`):

`sbctl create-keys`

- Enroll the custom secure boot keys and Microsoft's UEFI vendor certificates:

`sbctl enroll-keys --microsoft`

- Sign an EFI binary with the created key and save the file to the database:

`sbctl sign {{-s|--save}} {{path/to/efi_binary}}`

- Re-sign all the saved files:

`sbctl sign-all`

- Verify that all EFI executables on the EFI system partition have been signed:

`sbctl verify`