From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Fri, 13 May 2022 16:09:12 -0400
Subject: [PATCH] README.md: show off a bit more

Prominently mention efikeygen and add examples of usage for it and
pesign proper.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
---
 README.md | 36 ++++++++++++++++++++++++++++++++----
 1 file changed, 32 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index d70bc53..e9f0cb7 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,34 @@
-Signing tool for PE-COFF binaries, hopefully at least vaguely compliant with
-the PE and Authenticode specifications.
+# pesign + efikeygen
 
-This is vaguely analogous to the tool described by
-http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx
+Signing tools for PE-COFF binaries.  Compliant with the PE and Authenticode
+specifications.
 
+(These serve a similar purpose to Microsoft's
+[SignTool.exe](http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx),
+except for Linux.)
+
+## Examples
+
+Generate a key for use with pesign, stored on disk:
+
+```
+efikeyen -d /etc/pki/pesign -S -TYPE -c 'CN=Your Name Key' -n 'Custom Secureboot'
+```
+
+For more complex and secure use cases (e.g., hardware tokens), see
+efikeygen man page (`man efikeygen`).
+
+Sign a UEFI application using that key:
+
+```
+pesign -i grubx64.efi -o grubx64.efi.signed -c 'Custom Secureboot' -s
+```
+
+Show signatures on a UEFI application:
+
+```
+pesign -i grubx64.efi.signed -S
+```
+
+For more signing/verification operations, see the pesign man page (`man
+pesign`).