f1e8535986
Deprecation notice for bundles
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-07-31 12:03:29 +02:00
bdf2c637d5
Implement support for TPM key files
...
Support TPM TSS2 key files for signing secure boot things
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-07-31 00:14:26 +02:00
b969902d44
sbctl: setup debug logging
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-07-29 22:17:13 +02:00
c9d25391a9
sbctl: implement landlock sandboxing
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-07-29 21:30:46 +02:00
10204e8716
sbctl.8: add config file and mention the new paths
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-07-28 13:21:21 +02:00
19f201f90c
sbctl.8: mention the new --setup switch
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-07-28 13:21:10 +02:00
c7ffaf0c63
sbctl.8: fix some typesetting issues
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-07-28 13:19:49 +02:00
ddfa5c4ab3
sbctl: add manpage for sbctl.conf
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-07-24 21:15:33 +02:00
78476facea
docs: Add man page for new command
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-05-08 22:46:23 +02:00
127bf28e23
Add Option ROM warning to Usage section of the manpage
...
The text in the usage section did not mention that some firmware might need Microsoft certificates as well, so I copied pasted it from a section above.
Some `$`s were also changed to `#`s to indicate that they should be run as root.
2024-04-24 06:30:30 +00:00
0ef7b8f04c
Added man page for list-enrolled-keys
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2024-04-22 20:00:00 +02:00
c01ac5e21b
Fixed typo, removed mention enroll-keys enables Secure Boot automatically
2023-12-17 17:56:06 -05:00
ff5369185b
revert dbx enrollment
...
Needs to be iterated on, and preferably not work as the existing key
databases.
Reverts: 31c1228c15dae25b8abdmorten@linderud.pw >
2023-11-19 19:00:21 +01:00
c5f71299be
update manpage docs
2023-11-11 06:51:30 -05:00
21a3c7e957
Update documentation for custom dbx
...
The support was introduced in dae25b8
2023-10-23 12:17:45 +02:00
954cb8e9cc
add documentation for the extra flags of enroll/rotate/reset
...
Signed-off-by: Fabian Wienand <fabian.wienand@9elements.com >
2023-09-20 12:02:35 +02:00
b35e74e2cb
Implement full support for loading builtin firmware certificates
...
Signed-off-by: Morten Linderud <morten@linderud.pw >
2023-06-25 15:13:18 +02:00
4e033e284f
enroll-keys: implement --export
...
Export the keys we intend to enroll as .auth or .esl files
Signed-off-by: Morten Linderud <morten@linderud.pw >
2023-06-18 15:30:29 +02:00
c96abdb87f
Allow enrolling custom db and KEK certs
2023-05-11 16:44:56 +02:00
dcdc703aa9
verify: Implement file verification
...
Fixes https://github.com/Foxboron/sbctl/issues/163
2022-12-15 23:21:08 +01:00
af36eca1bc
rotate-keys: Implement rotate-keys
2022-12-11 20:05:24 +01:00
0849db96d3
Fix typos and some improve grammar a bit
...
Signed-off-by: Patrik Tesarik <mail@patrik-tesarik.de >
2022-12-05 16:24:21 +01:00
823cfad0cf
sbctl.8: Provide more precide setup mode instructions
...
The previous instructions were completely wrong: To entroll custom keys
the firmware has to be in setup mode. By enrolling our own keys we enter
user mode! Also, setup mode is automatically entered on PK enrollment,
requiring no further user interaction in the firmware.
2022-11-25 17:43:22 +01:00
af2b9f12af
Add example workflow with real screenshots
2022-11-12 18:44:51 +01:00
242c3f6604
update manpage to reflect defaults in bundle.go
2022-10-18 02:08:47 +02:00
Morten Linderud
cd CreepArghhh_
Trey Blancher
Luke Kuzmish
Cornelius Hoffmann
Fabian Wienand
Patrik Tesarik
Jan Janssen
Sebin Nyshkim