Provided by: python3-virt-firmware_24.1.1-2_all bug

NAME

       virt-fw-vars - manual page for virt-fw-vars 24.1

DESCRIPTION

       The virt-fw-vars utility can print and modify UEFI variable stores.  Supported formats are
       standard edk2 (as used by ovmf and armvirt) and aws.

       usage: virt-fw-vars [-h] [-l LEVEL] [-i FILE] [--inplace FILE]

       [--extract-certs] [-d VAR] [--set-true VAR]
              [--set-false VAR] [--set-json FILE] [--set-boot-uri  LINK]  [--append-boot-filepath
              FILE]      [--set-shim-debug]     [--set-shim-verbose]     [--set-fallback-verbose]
              [--set-fallback-no-reboot] [--set-sbat-level FILE] [--set-pk GUID FILE]  [--add-kek
              GUID   FILE]   [--add-db   GUID   FILE]  [--set-dbx  FILE]  [--add-mok  GUID  FILE]
              [--add-db-hash   GUID   HASH]   [--add-mok-hash   GUID   HASH]    [--enroll-redhat]
              [--enroll-cert CERT] [--enroll-generate CN] [--no-microsoft] [--distro-keys DISTRO]
              [--distro-list] [--sb] [-p] [-v] [-x] [-o FILE] [--output-aws FILE]  [--output-json
              FILE]

       Print and modify EFI variable stores.

   options:
       -h, --help
              show this help message and exit

       -l LEVEL, --loglevel LEVEL
              set loglevel to LEVEL

       -i FILE, --input FILE
              read edk2 or aws vars from FILE

       --inplace FILE, --in-place FILE
              modify FILE in place

       --extract-certs
              extract all certificates

   Variable options:
       -d VAR, --delete VAR
              delete variable VAR, can be specified multiple times

       --set-true VAR
              set variable VAR to true, can be specified multiple times

       --set-false VAR
              set variable VAR to false, can be specified multiple times

       --set-json FILE
              set variables from json dump FILE

   Boot configuration:
       --set-boot-uri LINK
              set network boot uri to LINK (once, using BootNext)

       --append-boot-filepath FILE
              append boot entry for FILE (permanent, using BootOrder)

   shim.efi configuration:
       --set-shim-debug
              enable shim.efi debugging (pause for debugger attach)

       --set-shim-verbose
              enable shim.efi verbose messages

       --set-fallback-verbose
              enable fallback.efi verbose messages

       --set-fallback-no-reboot
              disable rebooting for fallback.efi

       --set-sbat-level FILE
              set SbatLevel variable

   Secure boot setup options:
       --set-pk GUID FILE
              set PK to x509 cert, loaded in pem format from FILE and with owner GUID

       --add-kek GUID FILE
              add  x509  cert  to KEK, loaded in pem format from FILE and with owner GUID, can be
              specified multiple times

       --add-db GUID FILE
              add x509 cert to db, loaded in pem format from FILE and with  owner  GUID,  can  be
              specified multiple times

       --set-dbx FILE
              initialize dbx with update from FILE

       --add-mok GUID FILE
              add  x509  cert to MokList, loaded in pem format from FILE and with owner GUID, can
              be specified multiple times

       --add-db-hash GUID HASH
              add sha256 HASH to db, with owner GUID, can be specified multiple times

       --add-mok-hash GUID HASH
              add sha256 HASH to MokList, with owner GUID, can be specified multiple times

   Secure boot convinience shortcuts:
       --enroll-redhat
              enroll default certificates for redhat platform

       --enroll-cert CERT
              enroll using specified certificate

       --enroll-generate CN
              enroll using generated cert with given common name

       --no-microsoft
              do not add microsoft keys

       --distro-keys DISTRO
              add ca keys for DISTRO

       --distro-list
              list known distros

       --sb, --secure-boot
              enable secure boot mode

   Print options:
       -p, --print
              print varstore

       -v, --verbose
              print varstore verbosely

       -x, --hexdump
              print variable hexdumps

   Output options:
       -o FILE, --output FILE
              write edk2 or aws vars to FILE, using the same format the --input FILE has.

       --output-aws FILE
              write aws vars to FILE

       --output-json FILE
              write json dump to FILE

EXAMPLES

       Print variable store.
              virt-fw-vars --input ${guest}_VARS.fd \
                           --print --verbose

       Enroll default (microsoft) secure boot certificates
              virt-fw-vars --input OVMF_VARS.fd \
                           --output OVMF_VARS.secboot.fd \
                           --enroll-redhat \
                           --secure-boot

AUTHOR

       Gerd Hoffmann <kraxel@redhat.com>