secure-boot - UEFI SecureBoot for ArchLinux

  •        69

I want full control at what boots the computer to avoid the so called evil maid attack. That requires setting SecureBoot with only my own keys. SecureBoot protects the computer from tampering with the installed OS and boot files, while it's left powered off outside our view. It's not a substitute for disk encryption though, it's an addition to it. The *.auth files must be enrolled in the UEFI firmware the first time. Unfortunately this procedure depends on the hardware i.e. the BIOS/UEFI (see below for a Thinkpad).



Related Projects

rEFInd-minimal - A stunningly clean theme for the rEFInd UEFI boot manager.


rEFInd is an easy to use boot manager for UEFI based systems. This is a clean and minimal theme for it. Locate your refind EFI directory. This is commonly /boot/EFI/refind though it will depend on where you mount your ESP and where rEFInd is installed. fdisk -l and mount may help.

OneFileLinux - Live linux distro combined in one ~20MB file. Runs on any UEFI computer.

  •    C

Live linux distro combined in one ~20MB file. Runs on any UEFI computer (PC or Mac) without installation. Just copy one file to EFI system partition and boot. No installation required — no need to create additional paritions. Just copy one file to EFI system partition and add new boot entry to NVRAM.

Coreboot - BIOS Alternative

  •    C

coreboot is aimed at replacing the proprietary BIOS (firmware) found in most computers. coreboot performs a little bit of hardware initialization and then executes additional boot logic, called a payload. coreboot can scale from specialized applications that run directly from firmware, run operating systems in flash, load custom bootloaders, or implement firmware standards, like PC BIOS services or UEFI.

Project mu - Modular adaptation of TianoCore's edk2 tuned for building modern devices using a scalable, maintainable, and reusable pattern.

  •    Python

Project Mu is a modular adaptation of TianoCore's edk2 tuned for building modern devices using a scalable, maintainable, and reusable pattern. Mu is built around the idea that shipping and maintaining a UEFI product is an ongoing collaboration between numerous partners. For too long the industry has built products using a "forking" model combined with copy/paste/rename and with each new product the maintenance burden grows to such a level that updates are near impossible due to cost and risk.

rufus - The Reliable USB Formatting Utility

  •    C

Use either Visual Studio 2017 (with Update 4 and SDK 10.0.16299 installed) or MinGW and then invoke the .sln or configure/make respectively. Note that, since Rufus is an OSI compliant Open Source project, you are entitled to download and use the freely available Visual Studio Community Edition to build, run or develop for Rufus. As per the Visual Studio Community Edition license this applies regardless of whether you are an individual or a corporate user.

chipsec - Platform Security Assessment Framework

  •    Python

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. Instructions for installing and using CHIPSEC can be found in the manual. NOTE: This software is for security testing purposes. Use at your own risk. Read WARNING.txt before using.

UEFITool - UEFI firmware image viewer and editor

  •    C++

UEFI firmware image viewer and editor

edk2 - EDK II

  •    C

A modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications from The EDK II Project is composed of packages. The maintainers for each package are listed in Maintainers.txt.

Measured Boot Tool


Measured Boot Tool demonstrates TPM secure boot and remote attestation on Windows 8.

UPGDSED - Universal PatchGuard and Driver Signature Enforcement Disable

  •    C

Administrative privilege is required. In case of EFI boot SecureBoot must be disabled.

gs-spring-boot - Building an Application with Spring Boot :: Learn how to build an application with minimal configuration

  •    Java

This guide provides a sampling of how Spring Boot helps you accelerate and facilitate application development. As you read more Spring Getting Started guides, you will see more use cases for Spring Boot. It is meant to give you a quick taste of Spring Boot. If you want to create your own Spring Boot-based project, visit Spring Initializr, fill in your project details, pick your options, and you can download either a Maven build file, or a bundled up project as a zip file. You’ll build a simple web application with Spring Boot and add some useful services to it.

boot - Build tooling for Clojure.

  •    Clojure

Boot is a Clojure build framework and ad-hoc Clojure script evaluator. Boot provides a runtime environment that includes all of the tools needed to build Clojure projects from scripts written in Clojure that run in the context of the project.If you have questions or need help, please visit our Discourse site. You can find other developers and users in the #boot channel on Clojurians Slack.

tetros - Tetris that fits into the boot sector.

  •    Assembly

TetrOS is a small feature rich Tetris clone which is written in Assembly. It fits completely into a 512 byte boot sector as it requires only 446 bytes (which is the maximum allowed size of the first stage boot loader in the master boot record (MBR) of a drive) and is executed during the boot sequence before any operating system is loaded. Actually, it does not need any existing operating system. TetrOS is an operating system, hence the suffix OS in its name. There are two options to run TetrOS. Either in an emulator like qemu or via an installation of TetrOS in the boot sector of a real disk, USB stick or some other media.

tut-spring-boot-oauth2 - Spring Boot and OAuth2:: A tutorial on "social" login and single sign on with Facebook and Github

  •    Java

This guide shows you how to build a sample app doing various things with "social login" using OAuth2 and Spring Boot. It starts with a simple, single-provider single-sign on, and works up to a self-hosted OAuth2 Authorization Server with a choice of authentication providers (Facebook or Github). The samples are all single-page apps using Spring Boot and Spring OAuth on the back end. They also all use plain jQuery on the front end, but the changes needed to convert to a different JavaScript framework or to use server side rendering would be minimal. Because one of the samples is a full OAuth2 Authorization Server we have used the shim JAR which supports bridging from Spring Boot 2.0 to the old Spring Security OAuth2 library. The simpler samples could also be implemented using the native OAuth2 support in Spring Boot security features. The configuration is very similar.

quick-secure - Quickly secure UNIX/Linux systems

  •    Shell

Quick NIX Secure Script is used to harden and secure basic permissions and ownership on the fly. This script can be used during boot up, cron, bootstrapping, kickstart, jumpstart and during other system deployments. I recommend using CM tools like Puppet or Ansible, but this is still nice. Many times in (prod)uction world prior admins harden without automation or towards an industry baseline. This is to help get to a point of standardization and quickly set or reset basic system security.

spring-boot-security-saml-sample - Sample SAML 2.0 Service Provider with Spring Boot.

  •    Java

Currently Spring Security SAML module doesn't provide a starter for Spring Boot. Moreover, its configuration is XML-based as of this writing. The aim of this project is to explain how to develop a Service Provider (SP) which uses Spring Boot and Spring Security SAML Extension, by defining an annotation-based configuration (Java Configuration). Thymeleaf is also used as template engine.