secure-boot

Hardware-based attestation and intrusion detection app for Android. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.

android security cryptography monitoring integrity hsm secure-boot authenticity attestation verifiedboot remote-attestation secureboot strongbox grapheneos

UpdatedFeb 13, 2026
Java

Wack0 /CVE-2022-21894

Star349

baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability

poc uefi vulnerability secure-boot windows-boot cve-2022-21894 cve-2023-24932

UpdatedSep 27, 2023
C

joembedded /JesFs

Star247

Jo's Embedded Serial File System (for Standard Serial NOR-Flash)

arm flash filesystem bluetooth ble file-system bootloader embedded-devices ccs secure-boot spi-flash nrf52 simplelink ota-update ultra-low-power

UpdatedFeb 14, 2026
C

andreyv /sbupdate

Star226

Generate and sign kernel images for UEFI Secure Boot on Arch Linux

uefi secure-boot

UpdatedAug 2, 2023
Shell

Foxboron /go-uefi

Sponsor

Star164

Linux UEFI library written in pure Go.

uefi secure-boot uefi-secureboot

UpdatedOct 10, 2025
Go

cjee21 /Check-UEFISecureBootVariables

Star152

PowerShell scripts to check the UEFI KEK, DB and DBX Secure Boot variables as well as scripts for other Secure Boot related items.

windows registry kek powershell x64 x86-64 windows-10 svn db batch uefi batch-file batch-script powershell-script efi secure-boot command-prompt dbx uefi-secureboot windows-11

UpdatedFeb 12, 2026
PowerShell

GrapheneOS /AttestationServer

Star149

attestation.app remote attestation server. Server code for use with the Auditor app:https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.

android security cryptography monitoring integrity hsm secure-boot authenticity attestation verifiedboot remote-attestation secureboot strongbox grapheneos

UpdatedFeb 20, 2026
Java

max-baz /arch-secure-boot

Sponsor

Star144

UEFI Secure Boot for Arch Linux + btrfs snapshot recovery

archlinux uefi snapper btrfs secure-boot uefi-boot btrfs-snapshots

UpdatedJul 18, 2024
Shell

embetrix /meta-stm32mp15x

Star144

OpenEmbedded/Yocto BSP layer for STM32MP15x based MPUs

security real-time yocto-layer industrial bsp secure-boot openembedded-layer lvgl rt-preempt arm-trusted-firmware optee stm32mp1 stm32mp157c-dk2 stm32mp157f-dk2 stm32mp15x

UpdatedFeb 24, 2025
BitBake

pbatard /Mosby

Star136

Mosby – More Secure Secure Boot

x64 uefi arm64 ia32 secure-boot edk2 uefi-secureboot secureboot uefi-shell

UpdatedJan 13, 2026
C

frederic /exynos-usbdl

Star119

Unsigned code loader for Exynos BootROM

arm usb exploit vulnerability samsung secure-boot exynos bootrom

UpdatedAug 13, 2020
C

sandrokeil /yubikey-full-disk-encryption-secure-boot-uefi

Star115

Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI

yubikey arch-linux uefi luks secure-boot 2fa full-disk-encryption lvm2

UpdatedOct 24, 2019
Shell

sabi-31 /Modern_Arch_Linux_Install

Star114

A comprehensive guide to installing Arch Linux with all of the modern features.

linux archlinux snapper btrfs secure-boot dualboot

UpdatedAug 3, 2025

jonasblixt /punchboot

Star96

Punchboot

embedded bootloader secure-boot armv8 imx6 imx8 armv7a

UpdatedFeb 16, 2026
C

cutecatsandvirtualmachines /Sputnik

Star95

The sequel to Voyager

windows amd hypervisor intel cheat uefi voyager hyper-v efi secure-boot bootkit hijack ept

UpdatedAug 21, 2024
C

frederic /amlogic-usbdl

Star93

Unsigned code loader for Amlogic BootROM

arm usb exploit chromecast vulnerability amlogic secure-boot bootrom superbird

UpdatedNov 6, 2022
C

hex-five /multizone-sdk

Star87

MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi

security fpga firmware hypervisor container freertos xilinx microkernel secure-boot risc-v attestation trustzone tee trusted-computing sifive multizone trusted-execution-environment secure-element root-of-trust digilent-arty-board

UpdatedJan 24, 2024
C

Improve this page

Add a description, image, and links to thesecure-boot topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with thesecure-boot topic, visit your repo's landing page and select "manage topics."

Learn more

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly