A new bootable USB solution.

The Reliable USB Formatting Utility

Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.

baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability

Generate and sign kernel images for UEFI Secure Boot on Arch Linux

Jo's Embedded Serial File System (for Standard Serial NOR-Flash)

Linux UEFI library written in pure Go.

UEFI Secure Boot for Arch Linux + btrfs snapshot recovery

Tutorial to create full disk encryption with YubiKey, encrypted boot partition and secure boot with UEFI

attestation.app remote attestation server. Server code for use with the Auditor app: https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.

Punchboot

OpenEmbedded layer for the use cases on secure boot, integrity and encryption

Windows 11 compability check with user friendly output

Unsigned code loader for Exynos BootROM

Disabling kernel lockdown on Ubuntu without physical access

MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi

Tool for complete hardening of Linux boot chain with UEFI Secure Boot

Emulating Exynos 4210 BootROM in QEMU

Unsigned code loader for Amlogic BootROM

Secure EFI Loader designed to authenticate the non-PE files