D7net Mini Sh3LL v1
Current File : /var/../bin/../include/../share/doc/nano/../dash/../make/../secureboot-db/README.Debian |
secureboot-db for Ubuntu
------------------------
When Secure Boot is enabled, the bootloader must be signed by an entry in the
Secure Boot DB. If the signature verifies and the entry does not appear in the
DBX blacklist, the boot process is allowed to continue. Each stage of the boot
process may also be verified against DB and DBX. DB and DBX will need to be
updated for certificate updates and additions to the blacklist, and this
package provides the mechanism do so. It works by adding signed updates to
/usr/share/secureboot/updates and then runs sbkeysync on them. Eg:
$ sudo sbkeysync --no-default-keystores \
--keystore /usr/share/secureboot/updates
Note that this package tries to add all keys from the keystore that are not
found in the key databases in firmware. When secure boot is enabled, updates to
DB and DBX can only be performed if they are signed by an entry in the KEK
database.
-- Jamie Strandboge <jamie@ubuntu.com> Tue, 04 Dec 2012 13:22:03 -0600
AnonSec - 2021 | Recode By D7net