-
-
0.8ae0c3110 · ·
Release 0.8 Morten Linderud (31): reset: Add reset command for Platform Key enroll-keys: Refactor a bit and prepare OEM keys reset: Added error when PK is already reset status: lowercase sbctl in the output reset: Added some output logging keys: Refactor key enrollment a tiny bit Makefile: Added phony target for sbctl status: remove capitalization of sbctl certs: Added certs package to support vendor certificates keys: Allow enrollment of Microsoft OEM keys status: Display enrolled vendor keys enroll-keys: Implement --ignore-immutable bundle: Do not error when we don't find an ESP for help util: Switch from if to cases enroll-keys: Refactor a bit sbctl.8: Updated the manpage keys: Don't hard error when we don't have the db Fix go.mod go.mod: Added go-attestation + update dependencies tpm: Implemented TPM Eventlog reading sbctl: Add new error messages for OpROM enroll-keys: Implement OpROM checking using the TPM Eventlog enroll-keys: Implement enrollment of checksums from the TPM Eventlog go.mod: Revert update so we don't need trousers enroll-keys: Add check for empty eventlog status: Don't error on missing GUID file sbctl.8: Add entries for vendor flags status: Expand the vendor entries in the status guid: Change perms to 644 and move from ioutils to os sbctl.8: Added usage section, some cleanups logging: Warnings go to stderr Silke Hofstra (1): Ignore EOF errors in CheckMSDos -
0.510ff8d2a · ·
Release 0.5 This release contains a few changes to the documentation of sbctl. The most notable change is to the `GetESP` functionality which should behave better on systems with more then one EFI partition. This can also be overridden with `SYSTEMD_ESP_PATH` or `ESP_PATH`. Hugo Barrera (3): Update man entry for default cmdline Update docs/sbctl.8.txt Typo Hugo Osvaldo Barrera (4): Extend the documentation a bit Refine docs based on feedback Typos Tweak unconvincing working Morten Linderud (5): bundles: Handle command not found errors util: Expand array in print generator Updated readme for libera sbctl/bundle: Do not default to ESP for fetching kernel and initramfs man: Mention environment variables for ESP location igo95862 (3): Remove ioutil Improved GetEsp function. Add SYSTEMD_ESP_PATH and ESP_PATH environment variables support -
0.4e63eb3d6 · ·
Release 0.4 Morten Linderud (2): Updated srcinfo sbctl: Inverted bool broke key enrollment igo95862 (3): Directly pass arguments to subprocesses instead of args spliting Use argument list for objcopy instead of split by whitespace Redirect objcopy stderr to parent stderr Érico Nogueira (1): Use x/sys/unix for ioctl instead of rolling our own. -
0.3a33d0b40 · ·
Release 0.3 This is mostly just a quick bugfix release. The x509 cert change adds a expire date for 5 years, but shouldn't matter too much in the immediate future. The bug is that sbctl gets confused if the PK file in efivarfs does not exist since we are checking for immutable Morten Linderud (3): sbctl: Create valid x509 certs for the kernel sbctl: IsImmutable should return false if the file does not exist Fixed sbctl hooks in PKGBUILD -
0.24df69d69 · ·
Release 0.2 This release has mostly UX issues and improves the error handling of the underlying commands. The major change has been moving from /proc/cmdline as the default cmdline file to /etc/kernel/cmdline which should be better suited for this task. Morten Linderud (13): sbctl: Added missing format argument sbctl: Microcode won't always be passed cmd/sbctl: proper exit if we fail creating bundle cmd/sbctl: Typo in err sbctl: Check for immutable files before sbkeysync keys: sbkeysync can have "Permissiond denide" errors sbctl: Check for persmission denied. Use errors package sbctl/bundle: Change default cmdline to /etc/kernel/cmdline sbctl.hook: Renamed to be ordered last, added more paths -
0.1611f2818 · ·
Release 0.1 First release of sbctl 🎉 Thanks to Érico Nogueira Rolim for sticking with this project :) (Proper release notes when they make sense. I swear)