update-secureboot-policy

Secure Boot chain-loading bootloader (Microsoft-signed binary)

Install

All systems
curl cmd.cat/update-secureboot-policy.sh
Debian Debian
apt-get install shim-signed
Ubuntu
apt-get install shim-signed
image/svg+xml Kali Linux
apt-get install shim-signed
Windows (WSL2)
sudo apt-get update sudo apt-get install shim-signed

shim-signed

Secure Boot chain-loading bootloader (Microsoft-signed binary)

This package provides a minimalist boot loader which allows verifying signatures of other UEFI binaries against either the Secure Boot DB/DBX or against a built-in signature database. Its purpose is to allow a small, infrequently-changing binary to be signed by the UEFI CA, while allowing an OS distributor to revision their main bootloader independently of the CA. This package contains the version of the bootloader binary signed by the Microsoft UEFI CA.