Secure Boot

Modes

• Setup Mode:
• User Mode:

Tools

Debian packages:

• efibootmgr: Interact with the EFI Boot Manager
• efitools: Tools to manipulate EFI secure boot keys and signatures
  • Repo: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git/about/
  • Web: https://blog.hansenpartnership.com/uefi-secure-boot/
• sbsigntool: Tools to manipulate signatures on UEFI binaries and drivers
• gnu-efi: Library for developing EFI applications
• shim: boot loader to chain-load signed boot loaders under Secure Boot
• shim-signed: Secure Boot chain-loading bootloader (Microsoft-signed binary)
• sicherboot: systemd-boot integration with UEFI secure boot support

Virtual machines

TianoCore is a reference implementation of UEFI by Intel and includes the EFI Development Kit (EDK) of which version II (2) is considered the de facto standard generic UEFI services implementation.

Open Virtual Machine Firmware (OVMF) is a build of EDK II to boot virtual machines with UEFI, including Secure Boot.

Debian packages:

Name	Description
ovmf	UEFI firmware for 64-bit x86 virtual machines
ovmf-ia32	UEFI firmware for 32-bit x86 virtual machines
qemu-efi-aarch64	UEFI firmware for 64-bit ARM virtual machines
qemu-efi-arm	UEFI firmware for 32-bit ARM virtual machines