57 lines
1.6 KiB
Diff
57 lines
1.6 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Robbie Harwood <rharwood@redhat.com>
|
|
Date: Fri, 13 May 2022 16:09:12 -0400
|
|
Subject: [PATCH] README.md: show off a bit more
|
|
|
|
Prominently mention efikeygen and add examples of usage for it and
|
|
pesign proper.
|
|
|
|
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
|
|
---
|
|
README.md | 36 ++++++++++++++++++++++++++++++++----
|
|
1 file changed, 32 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/README.md b/README.md
|
|
index d70bc53..e9f0cb7 100644
|
|
--- a/README.md
|
|
+++ b/README.md
|
|
@@ -1,6 +1,34 @@
|
|
-Signing tool for PE-COFF binaries, hopefully at least vaguely compliant with
|
|
-the PE and Authenticode specifications.
|
|
+# pesign + efikeygen
|
|
|
|
-This is vaguely analogous to the tool described by
|
|
-http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx
|
|
+Signing tools for PE-COFF binaries. Compliant with the PE and Authenticode
|
|
+specifications.
|
|
|
|
+(These serve a similar purpose to Microsoft's
|
|
+[SignTool.exe](http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx),
|
|
+except for Linux.)
|
|
+
|
|
+## Examples
|
|
+
|
|
+Generate a key for use with pesign, stored on disk:
|
|
+
|
|
+```
|
|
+efikeyen -d /etc/pki/pesign -S -TYPE -c 'CN=Your Name Key' -n 'Custom Secureboot'
|
|
+```
|
|
+
|
|
+For more complex and secure use cases (e.g., hardware tokens), see
|
|
+efikeygen man page (`man efikeygen`).
|
|
+
|
|
+Sign a UEFI application using that key:
|
|
+
|
|
+```
|
|
+pesign -i grubx64.efi -o grubx64.efi.signed -c 'Custom Secureboot' -s
|
|
+```
|
|
+
|
|
+Show signatures on a UEFI application:
|
|
+
|
|
+```
|
|
+pesign -i grubx64.efi.signed -S
|
|
+```
|
|
+
|
|
+For more signing/verification operations, see the pesign man page (`man
|
|
+pesign`).
|