Skip to content

canonical/secboot

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,658 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

secboot

A Go library for managing TPM-backed encrypted disks on Linux operating systems.

Features

  • System installation & maintenance:

    • Do pre-install platform compatibility checks
    • Initialize the TPM
    • Seal a LUKS passphrase within the TPM
    • Update sealing policy (typically after platform or software update)
    • Manage TPM lockout (set authValue, reset)
    • Compute PCR profiles
    • Manage recovery keys of LUKS containers (create, list, delete)
  • System boot:

    • Unseal
    • Attempt various unlocking paths (TPM-backed, with PIN, with passphrase, recovery...)
  • Other useful functions

    • Get entropy of a PIN or passphrase
    • Access to UEFI variables PK, KEK, Db, Dbx

License

Secboot is licensed under the GNU General Public License version 3.

See the COPYING file for more details.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Packages

 
 
 

Contributors

Languages