summaryrefslogblamecommitdiffstats
path: root/system/efitools/README
blob: d10aac7922494faa03363123a63fd9ff2f70af5e (plain) (tree)
1
2
3
4
5
6
7
8
                  


                                                                      



                                                                   





                                                       

                                                       
 


                                                                  

                                                                  










                                                                  
## README efitools
efitools is a set of tools for manipulating EFI secure boot platforms.

If you ever plan to use LockDown.efi (it's an EFI program that
installs a predefined set of Secure Boot keys if you run it while
your machine is in setup mode) you will want to use your own Secure
Boot keys and maybe specify an owner GUID (in hex). The keys should
be placed in the SlackBuild directory and named:
Platform Key public/private keys - PK.crt, PK.key
Key Exchange public/private keys - KEK.crt, KEK.key
Signature Database public/private keys - DB.crt, DB.key

and the SlackBuild should be executed using:

GUID=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx USE_KEYS=yes \
  ./efitools.SlackBuild

efitool-mkusb to make a bootable usbstick, the process will delete
all files on the usbstick.

It's unlikely that you'll use LockDown.efi and there are alternate
methods to do what it does, so it's fine just to ignore it.

WARNING!!!! PLEASE MAKE SURE YOU KNOW EXACTLY WHAT YOU ARE DOING
BEFORE PROCEEDING.

SlackBuilds.org 2023 accepts no liability for any issues caused by
using this software. The software is provided as is and requires a
working knowledge, of setting up
secure booting and keys.

For information how to use this software for secure/boot on Linux
please see the included. README.Secure_Boot