LinuxCommandLibrary

sbctl

A user-friendly secure boot key manager.

TLDR

Show the current secure boot status

$ sbctl status
copy


Create custom secure boot keys (by default, everything is stored in /var/lib/sbctl)
$ sbctl create-keys
copy


Enroll the custom secure boot keys and Microsoft's UEFI vendor certificates
$ sbctl enroll-keys --microsoft
copy


Automatically run create-keys and enroll-keys based on the settings in /etc/sbctl/sbctl.conf
$ sbctl setup --setup
copy


Sign an EFI binary with the created key and save the file to the database
$ sbctl sign [-s|--save] [path/to/efi_binary]
copy


Re-sign all the saved files
$ sbctl sign-all
copy


Verify that all EFI executables on the EFI system partition have been signed
$ sbctl verify
copy

Copied to clipboard