NAME¶

sbvarsign - UEFI authenticated variable signing tool

SYNOPSIS¶

sbvarsign [options] --key <keyfile> --cert <certfile> <var-name> <var-data-file>

Sign a blob of data for use in SetVariable().

--engine <eng>: use the specified engine to load the key
--key <keyfile>: signing key (PEM-encoded RSA private key)
--cert <certfile>: certificate (x509 certificate)
--include-attrs: include attrs at beginning of output file
--guid <GUID>: EFI GUID for the variable. If omitted, EFI_IMAGE_SECURITY_DATABASE or EFI_GLOBAL_VARIABLE (depending on <var-name>) will be used.
--attr <attrs>: variable attributes. One or more of: NON_VOLATILE BOOTSERVICE_ACCESS RUNTIME_ACCESS TIME_BASED_AUTHENTICATED_WRITE_ACCESS APPEND_WRITE
Separate multiple attrs with a comma,: default is all attributes, TIME_BASED_AUTH... is always included.
--output <file>: write signed data to <file> (default <var-data-file>.signed)

April 2019

sbvarsign 0.9.2

Source file:	sbvarsign.1.en.gz (from sbsigntool 0.9.2-2)
Source last updated:	2019-04-19T21:41:15Z
Converted to HTML:	2022-09-07T20:33:29Z