Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
shim
- Critical bug that exists in every Linux boot loader signed in the past decade
-
Signing a UEFI module
Microsoft doesn't really sign other people's code for UEFI. They do sign shim (https://github.com/rhboot/shim) which will look at other keys the user registered with UEFI to load other components to enable you to write custom third party UEFI modules while still supporting secure boot.
-
The vendor-locking is for your own safety. Do not resist.
In this case, the distros first boot loader is shim, which is signed by Microsoft. Shim is FOSS: https://github.com/rhboot/shim
-
SBAT for rEFInd
How do I get dual boot set up and running? There doesn't seem so much documentation about this sbat chicanery as it was introduced to shim in 2021 and patched in rEFInd a bit more than a month ago, so I suppose not enough people have had this trouble yet.
-
Microsoft VS BlackLotus Malware
Secure boot still isn't "secure" at all because microsoft has signed multiple bootloaders with their own keys, which exist only to chain load a second bootloader. See https://github.com/rhboot/shim and https://blog.hansenpartnership.com/linux-foundation-secure-boot-system-released/
-
First in-the-wild UEFI bootkit bypassing UEFI Secure Boot
A new mechanism called SBAT (https://github.com/rhboot/shim/blob/main/SBAT.md) is now used to allow revocation of groups of bootloaders rather than individual hashes in order to mitigate the resource consumption
-
Ultimate guide to Pop OS secure boot with NVIDIA.
{ echo "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md" echo "systemd-boot,1,systemd,systemd-boot,1,https://systemd.io" } > sbat.csv
- How to add an SBAT section to grub and resign?
-
Unable to install Fedora 36 with secure boot enabled.
Yeah, that incident instigated a totally new approach to revoking bad bootloaders that everybody (including Microsoft) should be using nowadays. So I guess HP just never got the memo.
- Invalid image when trying to boot Nobara Project USB image (both Gnome and KDE)
xtermwm
-
What CLI/TUI programs do you wish existed/were better?
It's working, behaves pretty well, but I have no time/patience for the actual front-facing OSS community stuff.
- Xterm Window Manager
What are some alternatives?
tpm-km - yet another pack of scripts for TPM2+Luks
Orca - Esoteric Programming Language
tpm-luks
stig - TUI and CLI for the BitTorrent client Transmission
tpm2KeyUnlock - Adds an automated unlock function based on TPM policy installation
Bytelocker - Unlock encrypted system volume automatically during boot using TPM2 (Trusted Platform Module 2.0) protection, very fast.
tpm2-initramfs-tool - Tool used in initramfs to seal/unseal FDE key to the TPM
WoeUSB - A Microsoft Windows® USB installation media preparer for GNU+Linux
tremc - Curses interface for transmission [Moved to: https://github.com/tremc/tremc]
uefi-ntfs - UEFI:NTFS - Boot NTFS or exFAT partitions from UEFI
jexer - Java Text User Interface. This library implements a text-based windowing system loosely reminiscent of Borland's Turbo Vision system