virt-fw-sigdb - Man Page
manual page for virt-fw-sigdb 24.7
Description
The virt-fw-sigdb utility can create, modify and print EFI signature databases. This is the format used by UEFI firmware to store lists of certificates and Authenticode hashes for binaries in EFI variables like 'PK', 'KEK', 'db' and 'dbx'.
Signature databases are usually embedded in EFI variable stores, so for most use cases you should probably use the virt-fw-vars(1) utility instead.
The exception to this rule is the list of root CA certificates for TLS connections, which can be passed from the host via qemu to OVMF using the etc/edk2/https/cacerts fw_cfg file.
usage: virt-fw-sigdb [-h] [-i FILE] [-o FILE] [--add-cert GUID FILE]
[--add-hash GUID HASH] [-p]
options
- -h, --help
show this help message and exit
- -i FILE, --input FILE
read efi sigdb FILE
- -o FILE, --output FILE
write efi sigdb FILE
- --add-cert GUID FILE
add x509 cert to sigdb, loaded in PEM format from FILE and with owner GUID; can be specified multiple times
- --add-hash GUID HASH
add sha256 hash to sigdb, with owner GUID; can be specified multiple times
- -p, --print
print sigdb
Examples
Author
Gerd Hoffmann <kraxel@redhat.com>