{"id":28496490,"url":"https://github.com/frameworkcomputer/uefi-shell","last_synced_at":"2026-02-05T12:34:06.186Z","repository":{"id":292996676,"uuid":"982599317","full_name":"FrameworkComputer/UEFI-Shell","owner":"FrameworkComputer","description":"Fork of https://github.com/pbatard/UEFI-Shell","archived":false,"fork":false,"pushed_at":"2025-05-23T01:46:39.000Z","size":38,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-07-18T19:45:06.614Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/FrameworkComputer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"License.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-13T06:15:11.000Z","updated_at":"2025-05-23T01:46:43.000Z","dependencies_parsed_at":"2025-07-18T17:34:00.073Z","dependency_job_id":"51d221d6-5c01-4b96-9c4d-8f4da1c861f5","html_url":"https://github.com/FrameworkComputer/UEFI-Shell","commit_stats":null,"previous_names":["frameworkcomputer/uefi-shell"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/FrameworkComputer/UEFI-Shell","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FrameworkComputer%2FUEFI-Shell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FrameworkComputer%2FUEFI-Shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FrameworkComputer%2FUEFI-Shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FrameworkComputer%2FUEFI-Shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/FrameworkComputer","download_url":"https://codeload.github.com/FrameworkComputer/UEFI-Shell/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/FrameworkComputer%2FUEFI-Shell/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29121785,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T10:47:47.471Z","status":"ssl_error","status_checked_at":"2026-02-05T10:45:08.119Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-08T12:30:28.443Z","updated_at":"2026-02-05T12:34:06.151Z","avatar_url":"https://github.com/FrameworkComputer.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"UEFI-Shell\n==========\n\n[![Build status](https://img.shields.io/github/actions/workflow/status/pbatard/UEFI-Shell/linux_gcc_edk2.yml?label=Build%20Status\u0026style=flat-square)](https://github.com/pbatard/UEFI-Shell/actions/workflows/linux_gcc_edk2.yml)\n[![Github stats](https://img.shields.io/github/downloads/pbatard/UEFI-Shell/total.svg?label=Downloads\u0026style=flat-square)](https://github.com/pbatard/UEFI-Shell/releases)\n[![Release](https://img.shields.io/badge/Latest%20Release-24H2%20(edk2--stable202411)-blue.svg?style=flat-square)](https://github.com/pbatard/UEFI-Shell/releases)\n[![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://opensource.org/licenses/BSD-2-Clause)\n\nThis repository contains pre-built UEFI Shell binary images, generated from\nofficial [EDK2](https://github.com/tianocore/edk2) stable releases.\n\n## Usage\n\nThese images are mostly provided in the form of a bootable ISO, in order to\nmake them easy to use with boot media creators such as [Rufus](https://rufus.ie).\n\nHowever, these can also readily used by:\n- Partitioning and formatting a media, such as a USB Flash drive, using a FAT\n  file system.\n- Extracting the ISO content as is, onto the FAT partition.\n\nOnce you have done that, and provided that your machine is set to boot from\nremovable media (and runs a UEFI firmware that uses one of the architectures\nsupported by the release), it should automatically boot into the UEFI Shell.\n\nAlternatively, you can download the individual UEFI Shell binary for your\nplatform.\n\nNote that Secure Boot must be disabled for a UEFI Shell media to boot, as\nMicrosoft does not allow an external UEFI Shell to be signed for Secure Boot.\n\n## Inclusion of Mosby\n\nStarting with release 24H2, these ISO images also include [Mosby](https://github.com/pbatard/Mosby)\n**as an optional binary** that you can run by typing `Mosby` from the Shell\ncommand prompt.\n\nThis is done because we believe that, with the planned expiration of current\nSecure Boot DB signing certificates for Microsoft Windows and UEFI Third Party\n**that will occur in 2026**, as well as the whole *BlackLotus* revocation mess,\nmore and more people are going to be looking for a convenient way to update\ntheir UEFI Secure Boot databases, and Mosby is designed to accomplish just that.\n\nBut again, it needs to be reiterated that the inclusion of Mosby does not\nchange anything to the base UEFI Shell. It's just an extra command you can\ninvoke, *should you decide to do so*.\n\n## Binary validation\n\nThese binaries are built in a fully transparent manner, in order to provide\nyou with complete assurance that they do not contain anything malicious.\n\nTo validate this claim, you can perform the following:\n\n1. Locate the build action for the ISO you downloaded under\n   https://github.com/pbatard/UEFI-Shell/actions. For instance, for the 21H1\n   release, this would be https://github.com/pbatard/UEFI-Shell/actions/runs/1160237413.\n2. Click on `build` to access the build log, and then look at the `Checkout\n   repository and submodules` task. The last line for that task provides the\n   SHA-1 of the repository commit that was used for the build process (for 21H1\n   that would be `19803c2b2183849fc3a4d6f08cc3c0549232df0c`).\n3. Append that SHA-1 to `https://github.com/pbatard/UEFI-Shell/commit/` to\n   validate that you end up with one of the __public__ commits that were\n   pushed to this repository. This validates that the build was not triggered\n   by a \"hidden\" commit, that would perform something malicious, and that we\n   would later delete, since it is impossible for anyone without an army of\n   supercomputers to alter a git commit in order to \"fake\" a specific SHA-1.  \n   NB: You don't have to take our word for that last claim. Just google \"SHA-1\n   collision\" and also look into the measures that git is taking to switch to\n   SHA-256 so as to make the possibility of collision impossible.\n4. At this stage, you have assurance that the commit that was used to build\n   the binary is a public one. However, you must also further validate that\n   the EDK2 source that was used for the build is also the public one that\n   is published from https://github.com/tianocore/edk2, and not some private\n   potentially malicious copy. To accomplish that, click the `Browse Files`\n   button on the page you got from the URL that was constructed above and\n   the click on the `edk2 @ #####` link that you see in the repository tree.\n   For instance, for 21H1, that link will be labelled `edk2 @ e1999b2`.\n5. Validate that this link takes you to a public commit from\n   https://github.com/tianocore/edk2. Once you have done that, then you have\n   validated that, not only the build cannot have been triggered by a hidden\n   commit but also that the EDK2 source for the UEFI Shell that is produced\n   by the build cannot have come from anywhere else but the public EDK2\n   repository.\n6. If you are familiar enough with the build process, you should now look at\n   the GitHub actions `.yml` from the commit that was used to trigger the build\n   to also validate that it is not doing anything suspiscious (such as\n   discarding the built executables to replace them with pre-built malicious\n   ones downloaded from a third-party server). Again, because you have already\n   validated, with 100% certainty, that all the steps that are used for the\n   build can only have come from a public commit which everyone has access to,\n   it would simply be impossible for any such behaviour not to appear plainly\n   in the `.yml`.\n7. At this stage, you should have total confidence that the build process did\n   produce binaries that can be __trusted__ to have been built only from the\n   public unmodified EDK2 UEFI Shell source. Therefore, the one last item to\n   check is to validate that the binaries proposed under this project's Release\n   page __are__ the actual binaries that were produced from the build, rather\n   than some malicious replacements (since the owner of any GitHub project has\n   the ability to delete and replace release files). This last step is very\n   easy to accomplish however: As part of the build process, we make sure to\n   also display the SHA-256 for all of the UEFI binaries as well as for the\n   ISO images being generated.  \n   Thus, depending on whether you extracted individual `.efi` files, or are\n   working directly with a `.iso`, you can find the relevant SHA-256 displayed\n   either under the `Display SHA-256` step or the `Generate ISO images` step\n   within the build log (and you should of course have validated that the\n   GitHub Actions' `.yml` that was used as part of the build was indeed set\n   to perform an actual computation of the SHA-256 from the generated files,\n   as opposed to mimicking the display of an SHA-256 computation in order to\n   trick someone looking only at the log into thinking that a malicious file\n   published under Releases, and that was not generated from the automated\n   build process, did come from the build process).\n8. Compare the SHA-256 from the build log with the one from the `.efi` or\n   `.iso` you downloaded, and verify that they are the same.\n\nIf you accomplish all the steps above, then you will have established, with\n__absolute__ certainty, that the binaries that are being published on our\nReleases page can be trusted not to contain malware (that is, provided you do\naccept that toolchains like `gcc` or GitHub employees can be trusted not to\ninsert malware on their own, but this is outside of the scope of the kind of\nassurance that we can provide here).\n\nAnd the nice thing is that, because any failure of validation for the points we\ndescribe above is __very easy__ to detect, you can rest assured that, even if\nyou do not go through these steps yourself, someone else is likely to, and is\nbound to say something if we ever are to do anything that looks contrary to\nour claim that the UEFI Shell binaries published here are 100% trustworthy.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fframeworkcomputer%2Fuefi-shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fframeworkcomputer%2Fuefi-shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fframeworkcomputer%2Fuefi-shell/lists"}