sbsign - UEFI secure boot signing tool
sbsign [options] --key <keyfile> --cert <certfile> <efi-boot-image>
Sign an EFI boot image for use with secure boot.
−−engine <eng>
use the specified engine to load the key
−−key <keyfile>
signing key (PEM−encoded RSA private key)
−−cert <certfile>
certificate (x509 certificate)
|
−−addcert <addcertfile> additional intermediate certificates in a file |
−−detached
write a detached signature, instead of a signed binary
−−output <file>
write signed data to <file> (default <efi−boot−image>.signed, or <efi−boot−image>.pk7 for detached signatures)