1CERT-TO-EFI-SIG-LIST(1)          User Commands         CERT-TO-EFI-SIG-LIST(1)
2
3
4

NAME

6       cert-to-efi-sig-list  - tool for converting openssl certificates to EFI
7       signature lists
8

SYNOPSIS

10       cert-to-efi-sig-list [-g <guid>] <crt file> <efi sig list file>
11

DESCRIPTION

13       Take an input X509 certificate (in PEM format) and convert it to an EFI
14       signature list file containing only that single certificate
15

OPTIONS

17       -g <guid>
18              Use  <guid>  as  the owner of the signature. If this is not sup‐
19              plied, an all zero guid will be used
20

EXAMPLES

22       To take a standard X509 certificate in PEM format and produce an output
23       EFI signature list file, simply do
24
25       cert-to-efi-sig-list PK.crt PK.esl
26
27       Note  that the format of EFI signature list files is such that they can
28       simply be concatenated to produce a file with multiple signatures:
29
30       cat PK1.esl PK2.esl > PK.esl
31
32       If your platform has a setup mode key manipulation  ability,  the  keys
33       will  often  only  be displayed by GUID, so using the -g option to give
34       your keys recognisable GUIDs will be useful if you plan to manage  lots
35       of keys.
36

SEE ALSO

38       sign-efi-sig-list(1)  for details on how to create an authenticated up‐
39       date to EFI secure variables when the EFI system is in user mode.
40
41
42
43cert-to-efi-sig-list 1.9.2         July 2021           CERT-TO-EFI-SIG-LIST(1)
Impressum