AlaK4X
Linux lhjmq-records 5.15.0-118-generic #128-Ubuntu SMP Fri Jul 5 09:28:59 UTC 2024 x86_64



Your IP : 3.144.255.247


Current Path : /usr/share/doc/secureboot-db/
Upload File :
Current File : //usr/share/doc/secureboot-db/README.Debian

secureboot-db for Ubuntu
------------------------

When Secure Boot is enabled, the bootloader must be signed by an entry in the
Secure Boot DB. If the signature verifies and the entry does not appear in the
DBX blacklist, the boot process is allowed to continue. Each stage of the boot
process may also be verified against DB and DBX. DB and DBX will need to be
updated for certificate updates and additions to the blacklist, and this
package provides the mechanism do so. It works by adding signed updates to
/usr/share/secureboot/updates and then runs sbkeysync on them. Eg:

$ sudo sbkeysync --no-default-keystores \
                 --keystore /usr/share/secureboot/updates

Note that this package tries to add all keys from the keystore that are not
found in the key databases in firmware. When secure boot is enabled, updates to
DB and DBX can only be performed if they are signed by an entry in the KEK
database.

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 04 Dec 2012 13:22:03 -0600