commands.sh

sbctl

linux

A user-friendly secure boot key manager. Note: Not enrolling Microsoft's certificates can brick your system. See <https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom>.

More info →

Options (2)

-m, --microsoftboolean

Enroll the custom secure boot keys and Microsoft's UEFI vendor certificates

Example: sbctl enroll-keys {{[-m|--microsoft]}}
-s, --saveboolean

Sign an EFI binary with the created key and save the file to the database

Example: sbctl sign {{[-s|--save]}} {{path/to/efi_binary}}

Examples (7)

Show the current secure boot status

sbctl status

Create custom secure boot keys (by default, everything is stored in `/var/lib/sbctl`)

sbctl create-keys

Enroll the custom secure boot keys and Microsoft's UEFI vendor certificates

sbctl enroll-keys [-m|--microsoft]

Automatically run `create-keys` and `enroll-keys` based on the settings in `/etc/sbctl/sbctl.conf`

sbctl setup --setup

Sign an EFI binary with the created key and save the file to the database

sbctl sign [-s|--save] path/to/efi_binary

Re-sign all the saved files

sbctl sign-all

Verify that all EFI executables on the EFI system partition have been signed

sbctl verify
made by @shridhargupta | data from tldr-pages