Online / 6 & 7 February 2021


Improving the Secure Boot landscape: sbctl & go-uefi

Utilizing secure boot should be simple. Our current tooling is badly integrated, abstractions leaking and the code bases are not reusable. Functionality is spread between several projects and not one covers all your needs. This amounts to a confusing landscape. sbctl and go-uefi is a tool, and a low-level UEFI library, that attempts to push the secure boot landscape forward.

In this talk I'll do a short introduction of secure boot and the tooling people normally use. We will look at the different use cases each of them provide and missing functionality. Then I'll do a short demonstration of sbctl and go-uefi.

The goal is to try provoke some ideas how we can make secure boot more accessible for users. Currently the tooling assumes some familiarity with secure boot implementation details (signature lists, PK/KEK/db keys and so on) and that shouldn't be needed to have a fairly basic secure boot setup.


Photo of Morten Linderud Morten Linderud
Jakub Łęcki