Man page - systemd-sbsign(1)

SYSTEMD-SBSIGN

NAME

systemd-sbsign - Sign PE binaries for EFI Secure Boot

SYNOPSIS

systemd-sbsign [OPTIONS...] {COMMAND}

DESCRIPTION

systemd-sbsign can be used to sign PE binaries for EFI Secure Boot.

COMMANDS

sign

Signs the given PE binary for EFI Secure Boot. Takes a path to a PE binary as its argument. If the PE binary already has a certificate table, the new signature will be added to it. Otherwise, a new certificate table will be created. The signed PE binary will be written to the path specified with --output=.

Added in version 257.
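The certificate table that sign appends to or creates can be inspected directly in the PE headers. The following is an added example, not part of systemd or of this manual; the function names certificate_table and constructed_pe are hypothetical, and the sample bytes are constructed for illustration. It lists the WIN_CERTIFICATE entries of a PE image so the table can be compared before and after signing.

```python
import struct

CERT_DIR_INDEX = 4  # data directory slot of the certificate table
DIR_START = {0x10B: 96, 0x20B: 112}  # PE32 / PE32+ offset of the data directories

def certificate_table(pe: bytes):
    """Return (revision, cert_type, payload_len) for each WIN_CERTIFICATE entry."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)
    opt = pe_off + 24  # optional header follows the PE signature and 20-byte COFF header
    if pe[pe_off:pe_off + 4] != b"PE\0\0" or len(pe) < opt + 2:
        raise ValueError("missing PE signature")
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in DIR_START or len(pe) < opt + DIR_START[magic]:
        raise ValueError("unsupported or truncated optional header")
    dirs = opt + DIR_START[magic]
    (ndirs,) = struct.unpack_from("<I", pe, dirs - 4)
    if ndirs <= CERT_DIR_INDEX:
        return []
    if len(pe) < dirs + 8 * (CERT_DIR_INDEX + 1):
        raise ValueError("truncated data directories")
    # Unlike the other directories, this one stores a file offset, not an RVA.
    start, size = struct.unpack_from("<II", pe, dirs + 8 * CERT_DIR_INDEX)
    if start + size > len(pe):
        raise ValueError("certificate table extends past end of file")
    entries, pos, end = [], start, start + size
    while pos + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", pe, pos)
        if length < 8 or pos + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        entries.append((revision, cert_type, length - 8))
        pos += (length + 7) & ~7  # entries are padded to 8-byte alignment
    return entries

def constructed_pe(payloads):
    """Constructed sample: bare PE32+ headers plus a certificate table, not bootable."""
    table = b""
    for p in payloads:
        entry = struct.pack("<IHH", 8 + len(p), 0x0200, 0x0002) + p
        table += entry + b"\0" * (-len(entry) % 8)
    hdr = bytearray(0x40 + 24 + 112 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)           # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x40 + 24, 0x20B)     # PE32+ magic
    struct.pack_into("<I", hdr, 0x40 + 24 + 108, 16)  # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, 0x40 + 24 + 112 + 8 * CERT_DIR_INDEX,
                     len(hdr) if table else 0, len(table))
    return bytes(hdr) + table
```

To use it on a real image, pass the file's bytes to certificate_table; an empty list means the image has no certificate table yet. This only enumerates entries and does not validate any signature.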

OPTIONS

The following options are understood:

--output=PATH

Specifies the path where to write the signed PE binary.

Added in version 257.

--private-key=PATH/URI, --private-key-source=TYPE[:NAME], --certificate=PATH, --certificate-source=TYPE[:NAME]

Set the Secure Boot private key and certificate for use with the sign verb. The --certificate= option takes a path to a PEM-encoded X.509 certificate or a URI that's passed to the OpenSSL provider configured with --certificate-source=. The --certificate-source= option takes one of "file" or "provider", with the latter being followed by a specific provider identifier, separated with a colon, e.g. "provider:pkcs11". The --private-key= option takes a path or a URI that will be passed to the OpenSSL engine or provider, as specified by --private-key-source= as a "type:name" tuple, such as "engine:pkcs11". The specified OpenSSL signing engine or provider will be used to sign the PE binary.

Added in version 257.

-h, --help

Print a short help text and exit.

--version

Print a short version string and exit.

SEE ALSO

bootctl(1)