Configuration changes in version 0.r98.be9c5ea:
- The INITRD variable no longer accepts multiple initramfs files. Use the new CONFIGS variable instead.
Git Clone URL: | https://aur.archlinux.org/sbupdate-git.git (read-only) |
---|---|
Package Base: | sbupdate-git |
Description: | Generate and sign kernel images for UEFI Secure Boot |
Upstream URL: | https://github.com/andreyv/sbupdate |
Keywords: | boot uefi |
Licenses: | GPL3 |
Conflicts: | sbupdate |
Provides: | sbupdate |
Submitter: | andreyv |
Maintainer: | andreyv |
Last Packager: | andreyv |
Votes: | 34 |
Popularity: | 0.000046 |
First Submitted: | 2016-08-19 10:22 (UTC) |
Last Updated: | 2023-08-11 11:32 (UTC) |
Configuration changes in version 0.r84.aa95459:
- /etc/sbupdate.conf
- /etc/efi-keys
- KEYFILE and CRTFILE options are removed. The script now handles lowercase and uppercase variants automatically.
@andreyv
That is awesome, thank you. It worked with the new options
@wincraft71 Should work now, see new configuration options.
@wincraft71 There is a pull request for that, I'll get to it soon. Now the script follows Rodsbooks' convention.
The script should be changed to look for "db." files in the KEY_DIR /boot/efikeys instead of "DB." files for compatibility with cryptboot (https://aur.archlinux.org/packages/cryptboot/).
Pinned Comments
gilbs commented on 2023-09-02 18:05 (UTC) (edited on 2023-09-02 18:37 (UTC) by gilbs)
@andreyv Thanks for your outstanding work on this project! It was quite useful while it was alive and I am grateful that you took from your personal time to maintain it for almost 7 years 🙏. Given that mkinitcpio is now able to generate UKIs and that there already exist many tools to sign boot images, it sounds like a fairly reasonable decision to retire sbupdate. However, I would only suggest adding a final commit, just to display a deprecation warning to users when they sign an image with sbupdate. Many users might not be aware that the project EOLed just by looking at the PKGBUILD. I only realized it EOLed when I stumbled upon the git repository by accident.
For the record, I switched to mkinitcpio to generate the UKI, and after some hesitancy I opted for sbctl for the signature. Thanks to the archwiki, the process was straightforward. I was initially reluctant to switch to a bloated tool like sbctl, but the key enrollment and image signature processes were so smooth that it eventually earned my vote… Otherwise I would probably have written some manual hooks to sign the UKI with sbsign, which I guess would also have been OK.
@SleepyMario
Is there any properly maintained fork of sbupdate in the wild? I found this one: sbupdate-mkinitcpio (which has a deceptive name IMHO) that switched from pacman hooks to a systemd unit to trigger the signature script.
My personal suggestion would be to refrain from using such a fork (unless I'm missing some use case). mkinitcpio can generate the UKI for you, and you can sign it with whatever tools you want (sbsign+some manually written pacman hooks, or sbctl and its shipped hooks). It's not a lot of work.
andreyv commented on 2023-08-12 05:44 (UTC)
@mephinet I no longer have the capability to develop the tool, and anyway it's largely obsolete — see https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot for replacements.