secure-boot-cert-rotation
OfficialSustain bootability via Secure Boot cert rotation.
Authorair-gapped
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Triage and remediate the Microsoft Secure Boot 2011→2023 certificate rotation across Dell PowerEdge iDRAC9 bare metal, Ubuntu/Linux servers, and Harvester HCI / KubeVirt guest VMs. It highlights the trust chain, explains why firmware expiry does not immediately brick systems, and provides per-surface fix paths to restore 2023 certs.
Core Features & Use Cases
- Surface routing: identify whether the machine uses Dell PowerEdge host firmware, generic Linux host firmware, or Harvester VM OVMF varstore, and apply the correct runbook.
- PK/KEK/db remediation: implement the 2023 certs with a firmware-first path (Dell iDRAC), OS-side db enrollment, or offline VM varstore updates, followed by audit verification.
- Verification and safety: validate that the 2023 certificates are present and that fleet upgrade sequencing is safe before rolling out.
Quick Start
Audit devices to identify the firmware surface and apply the appropriate 2023 cert rotation runbook to ensure boot integrity.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: secure-boot-cert-rotation Download link: https://github.com/air-gapped/skills/archive/main.zip#secure-boot-cert-rotation Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 510,000+ vetted skills library on demand.