Enabling secure boot for your Arch installation is very easy now with the "sbctl" tool

This page summarizes the projects mentioned and recommended in the original post on /r/archlinux
secureboot efi-stub signatures uefi-secureboot Uefi

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • sbctl

    :computer: :lock: :key: Secure Boot key manager

    • No problem! The sbctl package ships with a pretty extensive hook out of the box (https://github.com/Foxboron/sbctl/blob/master/contrib/pacman/ZZ-sbctl.hook). It's been very reliable for automatically resigning .efi executables after updates for me.

  • kernel-ark

    • EDIT: Actually, I tested this just now by setting module.sig_enforce=1 in the kernel cmdline and it doesn't work. It turns out Fedora/Ubuntu/etc ship this custom patch in the kernel that explicitly allows using platform (secure boot) keys for verifying kernel modules: https://gitlab.com/cki-project/kernel-ark/-/commit/07db43366d560153fd1d418cfebe2370fb20697e. The patch is not in the upstream kernel yet, so Arch doesn't have it.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts