https://linderud.dev/tags/secure-boot/ Recent content in Secure Boot on Morten Linderud Hugo nb Mon, 18 May 2020 00:00:00 +0200 https://linderud.dev/blog/improving-the-secure-boot-user-experience/ Mon, 18 May 2020 00:00:00 +0200 https://linderud.dev/blog/improving-the-secure-boot-user-experience/ <p>Secure boot tooling is terrible, can we do better?</p> <p>Currently the most widely used tooling for secure boot is the Ubuntu <a href="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/">sbsigntools</a> and <a href="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git">efitools</a>. If you are currently using secure boot both of these packages are probably installed on your system. Both of them support the basics of generating signature lists and signing the EFI variables with certificates, but they still have differences which is a source of confusion.</p> <p><code>efitools</code> has 3 different ways of generating signature lists: <code>cert-to-efi-hash-list</code>, <code>cert-to-sig-list</code> and <code>hash-to-efi-sig-list</code>. &ldquo;Luckily&rdquo; there are man pages you can read which assumes you have some familiarity with UEFI itself.</p>