Man pages sections > man1 > cert-to-efi-sig-list

cert-to-efi-sig-list - tool for converting openssl certificates to EFI signature

CERT-TO-EFI-SIG-LIST(1) User Commands CERT-TO-EFI-SIG-LIST(1)

NAME

cert-to-efi-sig-list - tool for converting openssl certificates to EFI signature lists

SYNOPSIS

cert-to-efi-sig-list [ -g <guid>] <crt file> <efi sig list file>

DESCRIPTION

Take an input X509 certificate (in PEM format) and convert it to an EFI signature list file containing only that single certificate

OPTIONS

-g <guid>
Use <guid> as the owner of the signature. If this is not supplied, an all zero guid will be used

EXAMPLES

To take a standard X509 certificate in PEM format and produce an output EFI signature list file, simply do
 
cert-to-efi-sig-list PK.crt PK.esl
 
Note that the format of EFI signature list files is such that they can simply be concatenated to produce a file with multiple signatures:
 
cat PK1.esl PK2.esl > PK.esl
 
If your platform has a setup mode key manipulation ability, the keys will often only be displayed by GUID, so using the -g option to give your keys recognisable GUIDs will be useful if you plan to manage lots of keys.

SEE ALSO

sign-efi-sig-list(1) for details on how to create an authenticated update to EFI secure variables when the EFI system is in user mode.
April 2016 cert-to-efi-sig-list 1.4.1