Description
Secure Boot signing for GRUB files and kernel images can be automated around sbctl. It is useful for administrators who want a repeatable local workflow for maintaining signed boot components.
Bootloader changes can make a machine fail to start if the wrong disk, firmware mode, or configuration is used. Keep recovery media available and review generated entries before rebooting. Signing keys are sensitive; protect private keys and document recovery steps before enforcing Secure Boot.