doas pacman -S sbctl intel-ucode
enable tpm (intel ptt:platform trust technology)
clear keys
doas su
sbctl status
sbctl create-keys
sbctl enroll-keys
sbctl status
sbctl verify
sbctl sign -s /efi/EFI/BOOT/BOOTX64.EFI
sbctl bundle -s -i /boot/intel-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -k /boot/vmlinuz-linux-hardened -f /boot/booster-linux-hardened.img /efi/arch.efi -c /boot/cmdline.txt
sbctl list-bundles
sbctl generate-bundles
src:
https://github.com/Foxboron/sbctl
Comments
Post a Comment