CERT-TO-EFI-SIG-LIST(1)          User Commands         CERT-TO-EFI-SIG-LIST(1)

NAME
       cert-to-efi-sig-list - tool for converting openssl certificates to EFI
       signature lists

SYNOPSIS
       cert-to-efi-sig-list [-g <guid>] <crt file> <efi sig list file>

DESCRIPTION
       Take an input X509 certificate (in PEM format) and convert it to an EFI
       signature list file containing only that single certificate

OPTIONS
       -g <guid>
              Use <guid> as the owner of the signature. If this is not
              supplied, an all zero guid will be used

EXAMPLES
       To take a standard X509 certificate in PEM format and produce an output
       EFI signature list file, simply do

       cert-to-efi-sig-list PK.crt PK.esl

       Note that the format of EFI signature list files is such that they can
       simply be concatenated to produce a file with multiple signatures:

       cat PK1.esl PK2.esl > PK.esl

       If your platform has a setup mode key manipulation ability, the keys
       will often only be displayed by GUID, so using the -g option to give
       your keys recognisable GUIDs will be useful if you plan to manage lots
       of keys.

SEE ALSO
       sign-efi-sig-list(1) for details on how to create an authenticated
       update to EFI secure variables when the EFI system is in user mode.

cert-to-efi-sig-list 1.9.2       November 2022         CERT-TO-EFI-SIG-LIST(1)