mirror of https://github.com/CrimsonTome/tldr.git
30 lines
797 B
Markdown
30 lines
797 B
Markdown
# sbctl
|
|
|
|
> A user-friendly secure boot key manager.
|
|
> Note: not enrolling Microsoft's certificates can brick your system. See <https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom>.
|
|
> More information: <https://github.com/Foxboron/sbctl#usage>.
|
|
|
|
- Show the current secure boot status:
|
|
|
|
`sbctl status`
|
|
|
|
- Create custom secure boot keys (everything is stored in `/usr/share/secureboot`):
|
|
|
|
`sbctl create-keys`
|
|
|
|
- Enroll the custom secure boot keys and Microsoft's UEFI vendor certificates:
|
|
|
|
`sbctl enroll-keys --microsoft`
|
|
|
|
- Sign an EFI binary with the created key and save the file to the database:
|
|
|
|
`sbctl sign {{-s|--save}} {{path/to/efi_binary}}`
|
|
|
|
- Re-sign all the saved files:
|
|
|
|
`sbctl sign-all`
|
|
|
|
- Verify that all EFI executables on the EFI system partition have been signed:
|
|
|
|
`sbctl verify`
|