% sicherboot(8) Sicherboot User Manuals % Julian Andres Klode % September 6, 2016
sicherboot - systemd-boot integration with UEFI secure boot support
sicherboot [command] [arg...]
sicherboot manages the systemd-boot bootloader and kernels in an EFI
System Partition (ESP). It stores a set of keys in /etc/sicherboot/keys
to sign the binaries for use with secure boot.
After installation of sicherboot, setup /etc/kernel/cmdline and perhaps
change some options in /etc/sicherboot/sicherboot.conf to your liking.
Once you have configured sicherboot as you want, run sicherboot setup
to perform the initial installation.
sicherboot setup
: Performs the initial installation of sicherboot to the ESP.
This basically runs enroll-keys, install-kernel, bootctl install,
asking before each step.
sicherboot generate-keys
: Generates keys in the directory configured in the KEY_HOME option.
sicherboot enroll-keys
: Copies the public keys into the ESP, first running generate-keys if no
keys exist yet.
sicherboot install-kernel [VERSION] : Install the specified kernel version to the ESP, with initramfs and signed
sicherboot remove-kernel [VERSION] : Remove the specified kernel version from the ESP
sicherboot bootctl [ARGUMENT...]
: Run the bootctl program with the specified arguments, and sign the
bootloader afterwards.
sicherboot sign-image EXECUTABLE
: Sign the given executable using the db key.
/etc/sicherboot/sicherboot.conf
: The sicherboot configuration file
/etc/sicherboot/keys
: The default key storage location
/etc/kernel/cmdline
: Kernel command line configuration file