SecureBootPolicyTools
Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).
Install / Use
/learn @Wack0/SecureBootPolicyToolsREADME
SecureBootPolicyTools
Tools for creating and using Secure Boot policies.
bootmgr prior to RS1 accepts Secure Boot policies signed by PK.
Thus, if you control PK, you control what Windows Code Integrity trusts. Sign your own Windows Boot Application; hypervisor; securekernel; driver (VTL0/VTL1); protected process; PPL.
Included tools
SecureBootPolicy: library and compiler for Secure Boot policies. Includes three example policies:SecureBootPolicyDefault.xmlreimplements as much as possible the default Secure Boot policy included in bootmgr starting from RS2.SecureBootPolicyDefaultWithSigners.xmlis the same as above that also reimplements the default signers trusted by CI for easy extensibilitySecureBootPolicyExample.xmladds a custom signer. Replace the TBS hash and enjoy your trusted binaries.
EfiInstallPolicy: EFI application to install a signed Secure Boot policy into UEFI non-volatile variables.BootAppToEfi: Windows Boot Application that switches back to the EFI environment and callsEfiMain().
Note
I am not responsible for anything that may happen to your systems/VMs when using these tools; after all, you control the keys!
Related Skills
node-connect
343.3kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
92.1kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
343.3kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
343.3kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
