NAME

       sicherboot - systemd-boot integration with UEFI secure boot support

SYNOPSIS

       sicherboot [command] [arg...]

DESCRIPTION

       sicherboot manages the systemd-boot bootloader and kernels in an EFI System Partition (ESP).  It stores a
       set of keys in /etc/sicherboot/keys to sign the binaries for use with secure boot.

INITIAL SETUP

       After  installation  of  sicherboot,  setup  /etc/kernel/cmdline  and  perhaps  change  some  options  in
       /etc/sicherboot/sicherboot.conf to your liking.

       Once  you  have  configured  sicherboot  as  you  want,  run  sicherboot setup  to  perform  the  initial
       installation.

       sicherboot setup
              Performs the initial installation of sicherboot to the  ESP.   This  basically  runs  enroll-keys,
              install-kernel, bootctl install, asking before each step.

KEY MANAGEMENT

       sicherboot generate-keys
              Generates keys in the directory configured in the KEY_HOME option.

       sicherboot enroll-keys
              Copies the public keys into the ESP, first running generate-keys if no keys exist yet.

KERNEL MANAGEMENT

       sicherboot install-kernel [VERSION]
              Install the specified kernel version to the ESP, with initramfs and signed

       sicherboot remove-kernel [VERSION]
              Remove the specified kernel version from the ESP

OTHER TOOLS

       sicherboot bootctl [ARGUMENT...]
              Run the bootctl program with the specified arguments, and sign the bootloader afterwards.

       sicherboot sign-image EXECUTABLE
              Sign the given executable using the db key.

FILES

       /etc/sicherboot/sicherboot.conf
              The sicherboot configuration file

       /etc/sicherboot/keys
              The default key storage location

       /etc/kernel/cmdline
              Kernel command line configuration file

AUTHORS

       Julian Andres Klode.