Provided by: efitools_1.4.2+git20140118-0ubuntu1_amd64 bug

NAME

       cert-to-efi-sig-list - tool for converting openssl certificates to EFI signature lists

SYNOPSIS

       cert-to-efi-sig-list [-g <guid>] <crt file> <efi sig list file>

DESCRIPTION

       Take  an  input  X509 certificate (in PEM format) and convert it to an EFI signature list file containing
       only that single certificate

OPTIONS

       -g <guid>
              Use <guid> as the owner of the signature. If this is not supplied, an all zero guid will be used

EXAMPLES

       To take a standard X509 certificate in PEM format and produce an output EFI signature list  file,  simply
       do

       cert-to-efi-sig-list PK.crt PK.esl

       Note  that the format of EFI signature list files is such that they can simply be concatenated to produce
       a file with multiple signatures:

       cat PK1.esl PK2.esl > PK.esl

       If your platform has a setup mode key manipulation ability, the keys will  often  only  be  displayed  by
       GUID,  so  using  the -g option to give your keys recognisable GUIDs will be useful if you plan to manage
       lots of keys.

SEE ALSO

       sign-efi-sig-list(1) for details on how to create an authenticated update to EFI  secure  variables  when
       the EFI system is in user mode.