New release of #sbctl

Contains support for yubikey as a key backend, and fixes an annoying bug where `sbctl verify` would choke on non-PE executables.

https://github.com/Foxboron/sbctl/releases/tag/0.18

#SecureBoot #Linux #Security

Release 0.18 · Foxboron/sbctl

Important: Binary builds are broken in the CI because of the new pcsclite dependency with cgo. Work in progress to fix. Support for yubikey: sbctl now supports a yubikey backend for signing keys. Th...


~~I mean...

I did add the switches #sbctl `--yolo` and `--yes-this-might-brick-my-machine` for `enroll-keys` as dealing with the errors is a bit annoying when you know what you are doing.

But downstreams using these flags without even considering giving people a warning is... not great?

Looking at you #NixOS

#SecureBoot

EDIT: It was some test integration code 🫠

Today it finally happened: Battlefield 6 Beta requires Secure Boot enabled on Windows, so I had to finally enable it while dualbooting.

I'm so happy that I found the excellent https://github.com/Foxboron/sbctl created by @Foxboron. The whole process was *much* less painful than I thought it would be thanks to this tool. Thank you Morten!

#linux #sbctl

GitHub - Foxboron/sbctl: :computer: :key: Secure Boot key manager

:computer: :lock: :key: Secure Boot key manager. Contribute to Foxboron/sbctl development by creating an account on GitHub.


Basic pleasure of looking up mentions of #sbctl in any secure boot articles with a comment section.

I think I did something right there.

Huh, missed the 5 year anniversary of #sbctl.
Originally started on the 3rd of May in 2020. Mainly a COVID project and seems like people have benefitted from it.

Should probably try to get a 1.0 release out the door though 🫠

sbctl got a new release to ensure we bundle the new and updated 2023 certificates from Microsoft.

https://github.com/Foxboron/sbctl/releases/tag/0.17

#SecureBoot #sbctl #Security #Golang

Release 0.17 · Foxboron/sbctl

Changelog: Small release to ensure sbctl comes preloaded with the new 2023 Microsoft certificates. Ensure we don't wrongly compare input/output files when signing. Added --json support to sbctl verif...


Currently shopping for ideas and opinions on how `sbctl` should approach the revocation list in Secure Boot (`dbx`).

https://github.com/Foxboron/sbctl/issues/23

Feel free to come with ideas but trying to keep things simple is the goal here.

#sbctl #SecureBoot #Security

Support for revocations and DBX updates · Issue #23 · Foxboron/sbctl

sbctl should manage the dbx database as well. UI mock up sbctl dbx update sbctl dbx add bin sbctl dbx add --siglist siglist sbctl dbx remove bin sbctl dbx remove --siglist siglist sbctl dbx list Fo...


Dmitriy from @siderolabs did a couple of optimization changes to my `go-uefi` library.

Results in a reduction of their memory usage from 1.6 GiB to 80 MiB(!)

https://github.com/Foxboron/go-uefi/pull/23

https://github.com/Foxboron/go-uefi/pull/24

#Golang #SecureBoot #UEFI #sbctl

authenticode: reduce memory allocations by DmitriyMV · Pull Request #23 · Foxboron/go-uefi

This PR does those things: If we know that io.ReaderAt also implements io.Seeker we can calculate the whole size, thus avoiding unnecessary reallocations during buffer growth. Sort using generics...


Next release of #sbctl has to be more buggy. Sorry to disappoint.

https://github.com/Foxboron/sbctl/issues/415

I don't make the rules.

Everything worked perfectly · Issue #415 · Foxboron/sbctl

I had no issues when setting up secure boot on my Thinkpad X1. This was very weird and unexpected, and makes me worried that something went wrong since most of the time dealing with UEFI Secure Boo...


New article on my blog where I present how I did a custom installation of Debian with a disk encrypted by LUKS v2, Btrfs volumes, systemd-boot and Secure Boot.

https://adorsaz.ch/articles/installation-personnalis%C3%A9e-de-debian.html

#debian #sbctl #secureboot #btrfs #debootstrap #luks

---

PS: Replies to this message will appear as comments under the article.

Custom installation of Debian with a disk encrypted by LUKS v2, Btrfs volumes, systemd-boot and Secure Boot