efi-mkkeys is a simple script to easily generate self-signed UEFI keys (PK, KEK, and db) for Secure Boot, including .esl and .auth files, with a single command.
-
POSIX-sh compatible shell (e.g. Busybox ash, dash, ZSH, bash, …)
-
cat,sed(BSD, Busybox or GNU) -
openssl -
cert-to-efi-sig-list,sign-efi-sig-listfrom efitools -
uuidgenfrom util-linux or BSD
Install package efi-mkkeys from AUR:
yay -S efi-mkkeysOr use another AUR helper.
Please note that I’m not maintainer of this package.
wget https://github.com/jirutka/efi-mkkeys/archive/v0.1.0/efi-mkkeys-0.1.0.tar.gz
tar -xzf efi-mkkeys-0.1.0.tar.gz
cd efi-mkkeys-0.1.0
make install DESTDIR=/ prefix=/usr/local…or just download the efi-mkkeys script directly.
See the help section in efi-mkkeys (or run efi-mkkeys -h).
-
efi-mkuki — EFI Unified Kernel Image Maker
-
Managing EFI Boot Loaders for Linux: Controlling Secure Boot by Rod Smith
-
Unified Extensible Firmware Interface/Secure Boot on Arch Linux Wiki
-
Sakaki’s EFI Install Guide/Configuring Secure Boot on Gentoo Wiki
This project is licensed under MIT License. For the full text of the license, see the LICENSE file.