Linux command
sbctl 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Example
sbctl status
Create
sbctl create-keys
Enroll
sbctl enroll-keys -m
List
sbctl list-files
Sign
sbctl sign -s path/to/efi_binary
Re-sign
sbctl sign-all
Verify
sbctl verify
说明
sbctl is a user-friendly secure boot key manager. It simplifies creating, enrolling, and managing custom secure boot keys and signing EFI binaries. Custom keys allow booting only signed kernels and bootloaders, enhancing system security.
参数
- status
- Show secure boot status
- create-keys
- Generate custom secure boot keys
- enroll-keys
- Enroll keys into UEFI firmware
- -m, --microsoft
- Include Microsoft UEFI vendor certificates
- sign
- Sign EFI binary
- -s, --save
- Save file to database for re-signing
- sign-all
- Re-sign all saved files
- verify
- Verify EFI executables are signed
- list-files
- List files in the signing database
- remove-file _file_
- Remove a file from the signing database
- setup
- Automated setup of secure boot (create keys, sign, enroll)
FAQ
What is the sbctl command used for?
sbctl is a user-friendly secure boot key manager. It simplifies creating, enrolling, and managing custom secure boot keys and signing EFI binaries. Custom keys allow booting only signed kernels and bootloaders, enhancing system security.
How do I run a basic sbctl example?
Run `sbctl status` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does status do in sbctl?
Show secure boot status