table of contents
- unstable 0.1.5
sicherboot(8) | sicherboot(8) |
NAME¶
sicherboot - systemd-boot integration with UEFI secure boot support
SYNOPSIS¶
sicherboot [command] [arg...]
DESCRIPTION¶
sicherboot manages the systemd-boot bootloader and kernels in an EFI System Partition (ESP). It stores a set of keys in /etc/sicherboot/keys to sign the binaries for use with secure boot.
INITIAL SETUP¶
After installation of sicherboot, setup /etc/kernel/cmdline and perhaps change some options in /etc/sicherboot/sicherboot.conf to your liking.
Once you have configured sicherboot as you want, run sicherboot setup to perform the initial installation.
- sicherboot setup
- Performs the initial installation of sicherboot to the ESP. This basically runs enroll-keys, install-kernel, bootctl install, asking before each step.
KEY MANAGEMENT¶
- sicherboot generate-keys
- Generates keys in the directory configured in the KEY_HOME option.
- sicherboot enroll-keys
- Copies the public keys into the ESP, first running generate-keys if no keys exist yet.
KERNEL MANAGEMENT¶
- sicherboot install-kernel [VERSION]
- Install the specified kernel version to the ESP, with initramfs and signed
- sicherboot remove-kernel [VERSION]
- Remove the specified kernel version from the ESP
OTHER TOOLS¶
- sicherboot bootctl [ARGUMENT...]
- Run the bootctl program with the specified arguments, and sign the bootloader afterwards.
- sicherboot sign-image EXECUTABLE
- Sign the given executable using the db key.
FILES¶
- /etc/sicherboot/sicherboot.conf
- The sicherboot configuration file
- /etc/sicherboot/keys
- The default key storage location
- /etc/kernel/cmdline
- Kernel command line configuration file
AUTHORS¶
Julian Andres Klode.
September 6, 2016 | Sicherboot User Manuals |