There are 12 repositories under the secure-boot topic.
Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.
baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
Jo's Embedded Serial File System (for Standard Serial NOR-Flash)
UEFI Secure Boot for Arch Linux + btrfs snapshot recovery
Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI
attestation.app remote attestation server. Server code for use with the Auditor app: https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.
OpenEmbedded layer for the use cases on secure boot, integrity and encryption
Windows 11 compatibility check with user-friendly output
Unsigned code loader for Exynos BootROM
Disabling kernel lockdown on Ubuntu without physical access
MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processor. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi
Tool for complete hardening of Linux boot chain with UEFI Secure Boot
Unsigned code loader for Amlogic BootROM
Boot multiple systems from a single GRUB2-powered USB drive (just drop ISO or other modules to integrate into menu)
USB Format Tool - Make Bootable USB Drive with MBR and 2 Partitions
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, e-books and videos, websites, blog posts, links to GitHub repositories, technical guidelines and important resources about Software & Systems Architecture in Cybersecurity
Calculate future (next boot) TPM PCRs after a kernel upgrade
Unmaintained systemd-boot integration with secure boot support; consider https://github.com/Foxboron/sbctl instead.
A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information.
Script to sign external Linux kernel modules for UEFI Secure Boot.
Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).
The GRUB2 signing extension is a set of scripts that help you verify, sign and unsign your GRUB2 bootloader files using GPG.
An open source implementation of an AMD-V Secure Loader.
Build signed efi binaries which mount a dm-verity verified squashfs image as rootfs on boot.
MultiZone® Trusted Firmware is the quick and safe way to build secure IoT applications with any RISC-V processor. It provides secure access to commercial and private IoT clouds, real-time monitoring, secure boot, and remote firmware updates. The built-in Trusted Execution Environment provides hardware-enforced separation ...
Set up full partition encryption for Ubuntu using LUKS and GRUB2 and optionally LVM and Secure Boot for multi-boot systems.
MultiZone® Security Enclave for Linux