1SBVARSIGN(1) User Commands SBVARSIGN(1)
2
3
4
6 sbvarsign - UEFI authenticated variable signing tool
7
9 sbvarsign [options] --key <keyfile> --cert <certfile> <var-name> <var-
10 data-file>
11
13 Sign a blob of data for use in SetVariable().
14
16 --engine <eng>
17 use the specified engine to load the key
18
19 --key <keyfile>
20 signing key (PEM-encoded RSA private key)
21
22 --cert <certfile>
23 certificate (x509 certificate)
24
25 --include-attrs
26 include attrs at beginning of output file
27
28 --guid <GUID>
29 EFI GUID for the variable. If omitted, EFI_IMAGE_SECURITY_DATA‐
30 BASE or EFI_GLOBAL_VARIABLE (depending on <var-name>) will be
31 used.
32
33 --attr <attrs>
34 variable attributes. One or more of: NON_VOLATILE BOOTSER‐
35 VICE_ACCESS RUNTIME_ACCESS TIME_BASED_AUTHENTICATED_WRITE_ACCESS
36 APPEND_WRITE
37
38 Separate multiple attrs with a comma,
39 default is all attributes, TIME_BASED_AUTH... is always in‐
40 cluded.
41
42 --output <file>
43 write signed data to <file> (default <var-data-file>.signed)
44
45
46
47sbvarsign 0.9.5 May 2023 SBVARSIGN(1)