sign-efi-sig-list - Online in the Cloud

PROGRAM:

NAME


sign-efi-sig-list - signing tool for secure variables as EFI Signature Lists

SYNOPSIS


sign-efi-sig-list [-r] [-m] [-a] [-g <guid>] [-o] [-t <timestamp>] [-i <infile>] [-c <crt file>] [-k <key file>] <var> <efi sig list file> <output file>

DESCRIPTION


Produce an output file with an authentication header for direct update to a secure
variable. This output may be signed by the usual keys directly or may be split for
external signing using the -o and -i options.

OPTIONS


-r the certificate is rsa2048 rather than x509 [UNIMPLEMENTED]

-m Use a monotonic count instead of a timestamp [UNIMPLEMENTED]

-a Prepare the variable for APPEND_WRITE rather than replacement

-o Do not sign, but output a file of the exact bundle to be signed

-t <timestamp>
Use <timestamp> as the timestamp of the timed variable update. If not present, the
timestamp will be taken from system time. Note that you must use this option when
doing detached signing; otherwise the signature will be incorrect because of
timestamp mismatches.

-i <infile>
take a detached signature (in PEM format) of the bundle produced by -o and complete
the creation of the update

-g <guid>
Use <guid> as the signature owner GUID

-c <crt>
<crt> is the file containing the signing certificate in PEM format

-k <key>
<key> is the file containing the key for <crt> in PEM format

EXAMPLES


To sign a simple append update to db which has been prepared as an EFI Signature List in
DB.esl and output the result with the authentication header in DB.auth

sign-efi-sig-list -a -c KEK.crt -k KEK.key db DB.esl DB.auth

To do a detached signature in the same way

sign-efi-sig-list -a -t 'Jul 21 09:39:37 BST 2012' -o db DB.esl DB.forsig

Now sign the DB.forsig file in the standard openssl way. Note that the standards require
sha256 as the signature algorithm

openssl smime -sign -binary -in DB.forsig -out DB.signed -signer KEK.crt -inkey KEK.key -outform DER -md sha256

Which produces a detached PKCS7 signature in DB.signed. Now feed this back into the
program remembering to keep the same timestamp (and the -a flag):

sign-efi-sig-list -a -i DB.signed -t 'Jul 21 09:39:37 BST 2012' db DB.esl DB.auth

To delete a key, simply sign an empty EFI signature list file. For example, to produce a
variable update that will delete the PK, first create the empty file:

> null.esl

And then sign it in the standard way (must not be an append write update):

sign-efi-sig-list -c PK.crt -k PK.key PK null.esl PK.auth

Once you have the .auth file conveyed to the UEFI platform, you can use the UpdateVars.efi
program to apply it

UpdateVars [-a] db DB.auth

Where the -a flag must be present if the DB.auth file was created as an append write
update and absent if it is replacing the variable.
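
The following added example (not from the man page or from efitools) parses the authentication header of a .auth file so that the timestamp and the signature-list payload can be checked before the file is passed to UpdateVars. It assumes the file is an EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the EFI Signature List, as laid out in the UEFI specification; parse_auth, list_esl and constructed_auth are names chosen here, and the sample bytes are constructed.

```python
import struct, uuid
from datetime import datetime

EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")  # UEFI spec values
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
WIN_CERT_TYPE_EFI_GUID = 0x0EF1

def parse_auth(blob):
    """Split an EFI_VARIABLE_AUTHENTICATION_2 blob into timestamp, PKCS#7 and payload."""
    if len(blob) < 40:
        raise ValueError("too short for EFI_TIME + WIN_CERTIFICATE_UEFI_GUID")
    year, month, day, hour, minute, second = struct.unpack_from("<H5B", blob, 0)  # EFI_TIME
    # WIN_CERTIFICATE: u32 dwLength, u16 wRevision, u16 wCertificateType, then CertType GUID
    dw_length, _rev, cert_type = struct.unpack_from("<IHH", blob, 16)
    if cert_type != WIN_CERT_TYPE_EFI_GUID or uuid.UUID(bytes_le=blob[24:40]) != EFI_CERT_TYPE_PKCS7_GUID:
        raise ValueError("AuthInfo is not a PKCS#7 WIN_CERTIFICATE_UEFI_GUID")
    if dw_length < 24 or 16 + dw_length > len(blob):
        raise ValueError("dwLength is inconsistent with the file size")
    return {"timestamp": datetime(year, month, day, hour, minute, second),
            "pkcs7": blob[40:16 + dw_length], "payload": blob[16 + dw_length:]}

def list_esl(payload):
    """Return [(signature type GUID, [owner GUIDs])]; an empty list means a delete."""
    out, off = [], 0
    while off < len(payload):
        if len(payload) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=payload[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", payload, off + 16)
        if list_size < 28 or off + list_size > len(payload) or sig_size < 16:
            raise ValueError("bad EFI_SIGNATURE_LIST sizes")
        pos, owners = off + 28 + hdr_size, []
        while pos + sig_size <= off + list_size:  # each entry: owner GUID + signature data
            owners.append(uuid.UUID(bytes_le=payload[pos:pos + 16]))
            pos += sig_size
        out.append((sig_type, owners))
        off += list_size
    return out

def constructed_auth(owner=None):
    """Constructed sample .auth: placeholder bytes stand in for the PKCS#7 and certificate."""
    esl = b""
    if owner:  # one X.509-type list holding a single entry owned by `owner`
        entry = owner.bytes_le + b"\x30\x00"
        esl = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + len(entry), 0, len(entry)) + entry
    efi_time = struct.pack("<H6BIhBB", 2012, 7, 21, 9, 39, 37, 0, 0, 0, 0, 0)
    pkcs7 = b"\x30\x03\x02\x01\x00"  # placeholder DER, not a real signature
    cert = struct.pack("<IHH", 24 + len(pkcs7), 0x0200, WIN_CERT_TYPE_EFI_GUID)
    return efi_time + cert + EFI_CERT_TYPE_PKCS7_GUID.bytes_le + pkcs7 + esl
```

On a real file, read it with open(path, "rb").read() and compare the reported timestamp with the one given to -t; the parser does not verify the PKCS#7 signature.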
