NAME¶

sicherboot - systemd-boot integration with UEFI secure boot support

SYNOPSIS¶

sicherboot [command] [arg...]

DESCRIPTION¶

sicherboot manages the systemd-boot bootloader and kernels in an EFI System Partition (ESP). It stores a set of keys in /etc/sicherboot/keys to sign the binaries for use with secure boot.

INITIAL SETUP¶

After installation of sicherboot, setup /etc/kernel/cmdline and perhaps change some options in /etc/sicherboot/sicherboot.conf to your liking.

Once you have configured sicherboot as you want, run sicherboot setup to perform the initial installation.

sicherboot setup: Performs the initial installation of sicherboot to the ESP. This basically runs enroll-keys, install-kernel, bootctl install, asking before each step.

KEY MANAGEMENT¶

sicherboot generate-keys: Generates keys in the directory configured in the KEY_HOME option.

sicherboot enroll-keys: Copies the public keys into the ESP, first running generate-keys if no keys exist yet.

KERNEL MANAGEMENT¶

sicherboot install-kernel [VERSION]: Install the specified kernel version to the ESP, with initramfs and signed

sicherboot remove-kernel [VERSION]: Remove the specified kernel version from the ESP

OTHER TOOLS¶

sicherboot bootctl [ARGUMENT...]: Run the bootctl program with the specified arguments, and sign the bootloader afterwards.

sicherboot sign-image EXECUTABLE: Sign the given executable using the db key.

FILES¶

/etc/sicherboot/sicherboot.conf: The sicherboot configuration file

/etc/sicherboot/keys: The default key storage location

/etc/kernel/cmdline: Kernel command line configuration file

AUTHORS¶

Julian Andres Klode.

September 6, 2016

Sicherboot User Manuals

Source file:	sicherboot.8.en.gz (from sicherboot 0.1.5)
Source last updated:	2018-03-16T10:42:59Z
Converted to HTML:	2022-09-07T22:18:14Z