secure-boot

Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.

android security cryptography monitoring integrity hsm secure-boot authenticity attestation verifiedboot remote-attestation secureboot strongbox grapheneos

UpdatedOct 2, 2025
Java

Wack0 /CVE-2022-21894

Star343

baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability

poc uefi vulnerability secure-boot windows-boot cve-2022-21894 cve-2023-24932

UpdatedSep 27, 2023
C

joembedded /JesFs

Star237

Jo's Embedded Serial File System (for Standard Serial NOR-Flash)

arm flash filesystem bluetooth ble file-system bootloader embedded-devices ccs secure-boot spi-flash nrf52 simplelink ota-update ultra-low-power

UpdatedAug 19, 2025
C

andreyv /sbupdate

Star225

Generate and sign kernel images for UEFI Secure Boot on Arch Linux

uefi secure-boot

UpdatedAug 2, 2023
Shell

Foxboron /go-uefi

Sponsor

Star154

Linux UEFI library written in pure Go.

uefi secure-boot uefi-secureboot

UpdatedOct 10, 2025
Go

max-baz /arch-secure-boot

Sponsor

Star141

UEFI Secure Boot for Arch Linux + btrfs snapshot recovery

archlinux uefi snapper btrfs secure-boot uefi-boot btrfs-snapshots

UpdatedJul 18, 2024
Shell

GrapheneOS /AttestationServer

Star133

attestation.app remote attestation server. Server code for use with the Auditor app:https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.

android security cryptography monitoring integrity hsm secure-boot authenticity attestation verifiedboot remote-attestation secureboot strongbox grapheneos

UpdatedOct 12, 2025
Java

sandrokeil /yubikey-full-disk-encryption-secure-boot-uefi

Star114

Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI

yubikey arch-linux uefi luks secure-boot 2fa full-disk-encryption lvm2

UpdatedOct 24, 2019
Shell

sabi-31 /Modern_Arch_Linux_Install

Star111

A comprehensive guide to installing Arch Linux with all of the modern features.

linux archlinux snapper btrfs secure-boot dualboot

UpdatedAug 3, 2025

frederic /exynos-usbdl

Star110

Unsigned code loader for Exynos BootROM

arm usb exploit vulnerability samsung secure-boot exynos bootrom

UpdatedAug 13, 2020
C

jonasblixt /punchboot

Star92

Punchboot

embedded bootloader secure-boot armv8 imx6 imx8 armv7a

UpdatedOct 6, 2025
C

frederic /amlogic-usbdl

Star86

Unsigned code loader for Amlogic BootROM

arm usb exploit chromecast vulnerability amlogic secure-boot bootrom superbird

UpdatedNov 6, 2022
C

pbatard /Mosby

Star86

Mosby – More Secure Secure Boot

x64 uefi arm64 ia32 secure-boot edk2 uefi-secureboot secureboot uefi-shell

UpdatedOct 9, 2025
C

hex-five /multizone-sdk

Star86

MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi