blob: e6c8ab0c621332406efbc026673184fe902046bd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3.
.TH SBVARSIGN "1" "January 2024" "sbvarsign 0.9.5" "User Commands"
.SH NAME
sbvarsign - UEFI authenticated variable signing tool
.SH SYNOPSIS
.B sbvarsign
[\fI\,options\/\fR] \fI\,--key <keyfile> --cert <certfile> <var-name> <var-data-file>\/\fR
.SH DESCRIPTION
Sign a blob of data for use in SetVariable().
.SH OPTIONS
.TP
\fB\-\-engine\fR <eng>
use the specified engine to load the key
.TP
\fB\-\-key\fR <keyfile>
signing key (PEM\-encoded RSA private key)
.TP
\fB\-\-cert\fR <certfile>
certificate (x509 certificate)
.TP
\fB\-\-include\-attrs\fR
include attrs at beginning of output file
.TP
\fB\-\-guid\fR <GUID>
EFI GUID for the variable. If omitted,
EFI_IMAGE_SECURITY_DATABASE or
EFI_GLOBAL_VARIABLE (depending on
<var\-name>) will be used.
.TP
\fB\-\-attr\fR <attrs>
variable attributes. One or more of:
NON_VOLATILE
BOOTSERVICE_ACCESS
RUNTIME_ACCESS
TIME_BASED_AUTHENTICATED_WRITE_ACCESS
APPEND_WRITE
.TP
Separate multiple attrs with a comma,
default is all attributes,
TIME_BASED_AUTH... is always included.
.TP
\fB\-\-output\fR <file>
write signed data to <file>
(default <var\-data\-file>.signed)
|