Skip to content

Script to easily generate self-signed UEFI keys for Secure Boot

License

Notifications You must be signed in to change notification settings

x86-sec/efi-mkkeys

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

UEFI Keys Generator

efi-mkkeys is a simple script to easily generate self-signed UEFI keys (PK, KEK, and db) for Secure Boot, including .esl and .auth files, with a single command.

Requirements

  • POSIX-sh compatible shell (e.g. Busybox ash, dash, ZSH, bash, …)

  • cat, sed (BSD, Busybox or GNU)

  • openssl

  • cert-to-efi-sig-list, sign-efi-sig-list from efitools

  • uuidgen from util-linux or BSD

Installation

On Alpine Linux

Install package efi-mkkeys on Alpine Linux v3.15 or later:

apk add efi-mkkeys

On Arch Linux

Install package efi-mkkeys from AUR:

yay -S efi-mkkeys

Or use another AUR helper.

Please note that I’m not maintainer of this package.

From Tarball

wget https://github.com/jirutka/efi-mkkeys/archive/v0.1.0/efi-mkkeys-0.1.0.tar.gz
tar -xzf efi-mkkeys-0.1.0.tar.gz
cd efi-mkkeys-0.1.0
make install DESTDIR=/ prefix=/usr/local

…​or just download the efi-mkkeys script directly.

Usage

See the help section in efi-mkkeys (or run efi-mkkeys -h).

See Also

  • efi-mkuki — EFI Unified Kernel Image Maker

License

This project is licensed under MIT License. For the full text of the license, see the LICENSE file.

About

Script to easily generate self-signed UEFI keys for Secure Boot

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Shell 72.7%
  • Makefile 27.3%