SB Manager
SB Manager is a utility for managing Secure Boot on Nitrux. It generates Machine Owner Keys (MOK), signs kernels, and enrolls keys into the UEFI firmware.
How it works
SB Manager performs three steps:
- Generates Secure Boot keys (MOK).
- Sign the kernel for Secure Boot.
- Enrolls keys into the UEFI firmware.
The utility is highly automated. It prompts for permission before performing actions and requests input for the OpenSSL certificate and MOK password.
What is Secure Boot?
Secure Boot is a UEFI security standard that verifies the digital signature of boot software before execution. Only software signed with a trusted key can run, preventing unauthorized code from loading during startup.
What is a Machine Owner Key (MOK)?
An MOK is a cryptographic key pair that allows users to sign custom kernels or modules for use with Secure Boot. Instead of disabling Secure Boot entirely, users can create their own keys, sign their software, and enroll the keys in the firmware.
Usage
Run from the terminal:
sb-manager
The utility requires pkexec elevated privileges. There are no configuration parameters or additional options.