update-secureboot-policy
Secure Boot chain-loading bootloader (Microsoft-signed binary)
Install
- All systems
-
curl cmd.cat/update-secureboot-policy.sh
- Debian
-
apt-get install shim-signed - Ubuntu
-
apt-get install shim-signed - Kali Linux
-
apt-get install shim-signed - Windows (WSL2)
-
sudo apt-get updatesudo apt-get install shim-signed - Dockerfile
- dockerfile.run/update-secureboot-policy
shim-signed
Secure Boot chain-loading bootloader (Microsoft-signed binary)
This package provides a minimalist boot loader which allows verifying signatures of other UEFI binaries against either the Secure Boot DB/DBX or against a built-in signature database. Its purpose is to allow a small, infrequently-changing binary to be signed by the UEFI CA, while allowing an OS distributor to revision their main bootloader independently of the CA. This package contains the version of the bootloader binary signed by the Microsoft UEFI CA.