secureboot

Super UEFIinSecureBoot Disk: Boot any OS or .efi file without disabling UEFI Secure Boot

Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.

Framework to join Linux's physical security bricks.

OpenCore 0.6.9 configuration for T480. Optimized for Catalina and Big Sur.

Server code for use with the Auditor app: https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.

A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information.

Secure immutable GNU/Linux distro installer

Really Secure Boot on Linux

SecureBoot Grub2FM Suite

VM demonstration various symlink and hard link attacks against secure boot. See the whitepaper at: https://www.anvilventures.com/blog/defeating-secure-boot-with-symlink-attacks.html

A repo that explain how to install Arch Linux featuring encryption, Secure Boot, btrfs and AppArmor.

UEFI bootloader stub

Bitpacker

QEMU/OVMF/SWTPM UEFI Secure Boot development environment

Automate generation of Secure Boot signed single file kernel images

Auditor app prebuilt using the latest official release of the Auditor app.

The uefi-checkscript.ps1 verifies that the operating system was booted from UEFI. It will display a notification if the system was booted from BIOS.

Immutable & Validated Linux Images

Arch Linux installation Guide For Paranoid Users