sbctl

Rename hook form ZZ to zz

Figure out UEFI Class 3+

We need a reliable way to tell if the CPU is post 2020'ish and carries oprom.

Parse TPM Eventlog
Scan for known issues?
Laptop models

Subcommand: expert

Debug information. Read out variables WIP/POC functionality

Should be hidden by default?

sbctl expert enroll
    --microsoft-ca
    --checksum
    --tpmeventlog
    --pk, --kek, --db, --dbx

sbctl expert print
    --efivarfs
    --guess

sbctl enroll-keys --vendor-keys="vendor microsoft"
sbctl enroll-keys --enroll-oprom

Subcommand: setup

Subcommand: rotate-key