Linux kernel module signing for SecureBoot
-
Updated
Apr 2, 2020 - Shell
Linux kernel module signing for SecureBoot
This is a project for the Operating Systems for Embedded Systems course at Politecnico di Torino in the academic year 2022/2023. The topic for this year's course was Hardware Security. Our project is "Secure bootstrapping for ARM MCUs". We implemented a lightweight secure boot process which is based on performance counters.
This is an archive of SecureBootPolicyReset-x64.zip in case someone locks their UEFI with Windows Team version or so.
Bootloader implementation for embedded systems. Designed to be portable across different microcontrollers, with examples provided for STM32 integration. It includes: Firmware Update using python GUI tool, Secure Boot (RSA/ECC).
alpm/pacman hook to automatically sign efi binary after package updates.
Generate signed Unified Kernel Images
aarch64 bootloader for Linux
Secure-Boot-Sign-Modules - sign not signed kernel modules for Secure Boot
Config / Automation for Unified Kernel Images (UKIs) directly booted from UEFI menu with dracut and efibootmgr with a normal and an optional fallback UKI per installed kernel and (optionally) with Secure Boot enabled.
Northern Lights development repository. Pull requests are not yet accepted
Sign the updated bootloader and kernel using pacman hooks.
USB OTP Security System: A project combining the ESP32-S3 microcontroller, ATECC608A CryptoAuthentication device, Windows driver, and LibUSB for secure communication, OTP generation, and time synchronization. 🚀
Utilities to manage Secure Boot signatures
Manage shim openssl certificates for efi Secure Boot.
Own fork for personal use. For your own use, please directly fork the upstream repo
Add a description, image, and links to the secure-boot topic page so that developers can more easily learn about it.
To associate your repository with the secure-boot topic, visit your repo's landing page and select "manage topics."