Revisions of sbctl
buildservice-autocommit
accepted
request 1173965
from
Jan Loeser (jloeser)
(revision 10)
baserev update by copy to link target
Jan Loeser (jloeser)
accepted
request 1173789
from
smolsheep
(revision 9)
- Enable tests - Fix bashism error in 91-sbctl.install by using bash shebang - Service to use manual instead of deprecated disabled and pattern cleanup - Update to version 0.14: New commands * export-enrolled-keys will export all enrolled keys on the system to a directory * list-enrolled-keys will list the enrolled keys on the system New Things * The test suite has now been rewritten to use the new vmtest library. Bugfixes * sign-all won't abort when it encounters a file it can't sign. * The kernel-install hook won't try to sign things if there are no signing keys available. * The kernel-install hook will now only remove things if they actually did exist on the system. * The mkinitcpio hook now only sign the built kernel/UKI instead of all the sbctl files.
Jan Loeser (jloeser)
accepted
request 1153586
from
Jan Loeser (jloeser)
(revision 8)
Add maintainer to deb packages
buildservice-autocommit
accepted
request 1135886
from
Jan Loeser (jloeser)
(revision 7)
baserev update by copy to link target
Jan Loeser (jloeser)
accepted
request 1135228
from
smolsheep
(revision 6)
- Update to version 0.13: * --export,-e and --database-path,-d now work properly and don't overwrite the create-keys variables internally * remove erronous dbx enrollment. Previous release implemented support for dbx that doesn't really work as expected. It would also fail to enroll keys for previously setup clients. Implementation has been removed and will be iterated upon at a later date. * make: fix github artifact upload * Change shebang * Ensure file signing hook is run when initrd is rebuilt * Fixed typo, removed mention enroll-keys enables Secure Boot automatically * Ignore Setup mode and immutable variables for export * Specify file origin + always print signing message * tests/utils/certs.go: drop keyUsage bitfield * update manpage docs * allow specifying keys and GUID paths * Update README.md * keys.go: drop the keyUsage bitfield * Check and return Open errs * Update documentation for custom dbx
Ana Guerrero (anag+factory)
accepted
request 1127877
from
Jan Loeser (jloeser)
(revision 5)
initialized devel package after accepting 1127877
Jan Loeser (jloeser)
accepted
request 1127869
from
Jan Loeser (jloeser)
(revision 4)
Add Copyright comment
Jan Loeser (jloeser)
accepted
request 1119296
from
smolsheep
(revision 3)
- Update to version 0.12: * sbctl bundle might be depreciated in the future. * sbctl now allows you to enroll custom certificates into KEK and db. * sbctl now allows keys to be exported as EFI Signature Lists (esl) or EFI Authenticated Variables (auth), which are pre-signed. * sbctl can now enroll certificates found in dbxDefault, dbDefault, KEKDefault and PKDefault. * Before this release sbctl would enroll, reset and rotate the entire key hierarchy when requested. With this release several improvements have been made to have the ability to support partial key hierarchies. This can be used through the --partial flag in their respective commands. * add documentation for the extra flags of enroll/rotate/reset * feat: add option to remove specific certs from db instead of an entire reset * feat: add append option to enroll-keys * feat: force key flag * Add support for OEM dbx enrollment * feat(dbx): enroll/rotate/reset dbx keys * feat(rotate): enable partial rotation and providing different sources * feat(reset): enable partial resets of secureboot keys * feat(enroll-keys): add partial enrollment of keys * Implement full support for loading builtin firmware certificates * Add support for loading certificates from dbDefault
Jan Loeser (jloeser)
accepted
request 1074719
from
Jan Loeser (jloeser)
(revision 2)
Use latest tag from repository
Michael Vetter (jubalh)
accepted
request 1074682
from
Jan Loeser (jloeser)
(revision 1)
I want to maintain sbctl in Factory and would like to use utilities as the devel/feeder project. sbctl intends to be a user-friendly secure boot key manager capable of setting up secure boot, offer key management capabilities, and keep track of files that needs to be signed in the boot chain.
Displaying all 10 revisions