FreeBSD manual
download PDF document: uefisign.8.pdf
UEFISIGN(8) FreeBSD System Manager's Manual UEFISIGN(8)
NAME
uefisign - UEFI Secure Boot signing utility
SYNOPSIS
uefisign -k key -c certificate -o output [-v] file
uefisign -V [-v] file
DESCRIPTION
The uefisign utility signs PE binary files using Authenticode scheme, as
required by UEFI Secure Boot specification. Alternatively, it can be
used to view and verify existing signatures. These options are
available:
-V
Determine whether the file is signed. Note that this does not verify
the correctness of the signature; only that the file contains a
signature.
-k
Name of file containing the private key used to sign the binary.
-c
Name of file containing the certificate used to sign the binary.
-o
Name of file to write the signed binary to.
-v
Be verbose.
EXIT STATUS
The uefisign utility exits 0 on success, and >0 if an error occurs.
EXAMPLES
Generate self-signed certificate and use it to sign a binary:
/usr/share/examples/uefisign/uefikeys testcert
uefisign -c testcert.pem -k testcert.key -o signed-binary binary
View signature:
uefisign -Vv binary
SEE ALSO
openssl(1), loader(8), uefi(8)
HISTORY
The uefisign command appeared in FreeBSD 10.2.
AUTHORS
The uefisign utility was developed by Edward Tomasz Napierala
<trasz@FreeBSD.org> under sponsorship from the FreeBSD Foundation.
FreeBSD 14.0-RELEASE-p11 July 11, 2015 FreeBSD 14.0-RELEASE-p11