Explore >> Select a destination
|
You are here 
|
copyninja.in | ||
| | | | |
wejn.org
|
|
| | | | | A recap of upgrade from grub 2.06 to 2.12 gone bad (broken SecureB00t). And how to fix it. | |
| | | | |
blog.aurel32.net
|
|
| | | | | On the riscv64 port, the default boot method is UEFI, with U-Boot typically used as the firmware. This approach aligns more closely with other... | |
| | | | |
blog.jak-linux.org
|
|
| | | | | Today, I wrote sicherboot, a tool to integrate systemd-boot into a Linux distribution in an entirely new way: With secure boot support. To be precise: The use case here is to only run trusted code which then unmounts an otherwise fully encrypted disk, as in my setup: If you want, sicherboot automatically creates db, KEK, and PK keys, and puts the public keys on your EFI System Partition (ESP) together with the KeyTool tool, so you can enroll the keys in UEFI. You can of course also use other keys, you just need to drop a db.crt and a db.key file into /etc/sicherboot/keys. It would be nice if sicherboot could enroll the keys directly in Linux, but there seems to be a bug in efitools preventing that at the moment. For some background: The Platform Key (PK) signs the Key Exchange Key (KEK) which signs the database key (db). The db key is the one signing binaries. | |
| | | | |
cookie.engineer
|
|
| | | Arch Linux Installation Guide (GRUB) | ||
