1*bb7548fdSMatthew Dillon.\" Copyright (c) 2014 The FreeBSD Foundation 2*bb7548fdSMatthew Dillon.\" All rights reserved. 3*bb7548fdSMatthew Dillon.\" 4*bb7548fdSMatthew Dillon.\" This software was developed by Edward Tomasz Napierala under sponsorship 5*bb7548fdSMatthew Dillon.\" from the FreeBSD Foundation. 6*bb7548fdSMatthew Dillon.\" 7*bb7548fdSMatthew Dillon.\" Redistribution and use in source and binary forms, with or without 8*bb7548fdSMatthew Dillon.\" modification, are permitted provided that the following conditions 9*bb7548fdSMatthew Dillon.\" are met: 10*bb7548fdSMatthew Dillon.\" 1. Redistributions of source code must retain the above copyright 11*bb7548fdSMatthew Dillon.\" notice, this list of conditions and the following disclaimer. 12*bb7548fdSMatthew Dillon.\" 2. Redistributions in binary form must reproduce the above copyright 13*bb7548fdSMatthew Dillon.\" notice, this list of conditions and the following disclaimer in the 14*bb7548fdSMatthew Dillon.\" documentation and/or other materials provided with the distribution. 15*bb7548fdSMatthew Dillon.\" 16*bb7548fdSMatthew Dillon.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 17*bb7548fdSMatthew Dillon.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18*bb7548fdSMatthew Dillon.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19*bb7548fdSMatthew Dillon.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 20*bb7548fdSMatthew Dillon.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21*bb7548fdSMatthew Dillon.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22*bb7548fdSMatthew Dillon.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23*bb7548fdSMatthew Dillon.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24*bb7548fdSMatthew Dillon.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25*bb7548fdSMatthew Dillon.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26*bb7548fdSMatthew Dillon.\" SUCH DAMAGE. 27*bb7548fdSMatthew Dillon.\" 28*bb7548fdSMatthew Dillon.\" $FreeBSD: head/usr.sbin/uefisign/uefisign.8 285671 2015-07-18 12:03:17Z trasz $ 29*bb7548fdSMatthew Dillon.\" 30*bb7548fdSMatthew Dillon.Dd July 11, 2015 31*bb7548fdSMatthew Dillon.Dt UEFISIGN 8 32*bb7548fdSMatthew Dillon.Os 33*bb7548fdSMatthew Dillon.Sh NAME 34*bb7548fdSMatthew Dillon.Nm uefisign 35*bb7548fdSMatthew Dillon.Nd UEFI Secure Boot signing utility 36*bb7548fdSMatthew Dillon.Sh SYNOPSIS 37*bb7548fdSMatthew Dillon.Nm 38*bb7548fdSMatthew Dillon.Fl k Ar key 39*bb7548fdSMatthew Dillon.Fl c Ar certificate 40*bb7548fdSMatthew Dillon.Fl o Ar output 41*bb7548fdSMatthew Dillon.Op Fl v 42*bb7548fdSMatthew Dillon.Ar file 43*bb7548fdSMatthew Dillon.Nm 44*bb7548fdSMatthew Dillon.Fl V 45*bb7548fdSMatthew Dillon.Op Fl v 46*bb7548fdSMatthew Dillon.Ar file 47*bb7548fdSMatthew Dillon.Sh DESCRIPTION 48*bb7548fdSMatthew DillonThe 49*bb7548fdSMatthew Dillon.Nm 50*bb7548fdSMatthew Dillonutility signs PE binary files using Authenticode scheme, as required by 51*bb7548fdSMatthew DillonUEFI Secure Boot specification. 52*bb7548fdSMatthew DillonAlternatively, it can be used to view and verify existing signatures. 53*bb7548fdSMatthew DillonThese options are available: 54*bb7548fdSMatthew Dillon.Bl -tag -width ".Fl l" 55*bb7548fdSMatthew Dillon.It Fl V 56*bb7548fdSMatthew DillonDetermine whether the file is signed. 57*bb7548fdSMatthew DillonNote that this does not verify the correctness of the signature; 58*bb7548fdSMatthew Dillononly that the file contains a signature. 59*bb7548fdSMatthew Dillon.It Fl k 60*bb7548fdSMatthew DillonName of file containing the private key used to sign the binary. 61*bb7548fdSMatthew Dillon.It Fl c 62*bb7548fdSMatthew DillonName of file containing the certificate used to sign the binary. 63*bb7548fdSMatthew Dillon.It Fl o 64*bb7548fdSMatthew DillonName of file to write the signed binary to. 65*bb7548fdSMatthew Dillon.It Fl v 66*bb7548fdSMatthew DillonBe verbose. 67*bb7548fdSMatthew Dillon.El 68*bb7548fdSMatthew Dillon.Sh EXIT STATUS 69*bb7548fdSMatthew DillonThe 70*bb7548fdSMatthew Dillon.Nm 71*bb7548fdSMatthew Dillonutility exits 0 on success, and >0 if an error occurs. 72*bb7548fdSMatthew Dillon.Sh EXAMPLES 73*bb7548fdSMatthew DillonGenerate self-signed certificate and use it to sign a binary: 74*bb7548fdSMatthew Dillon.Dl /usr/share/examples/uefisign/uefikeys testcert 75*bb7548fdSMatthew Dillon.Dl uefisign -c testcert.pem -k testcert.key -o signed-binary binary 76*bb7548fdSMatthew Dillon.Pp 77*bb7548fdSMatthew DillonView signature: 78*bb7548fdSMatthew Dillon.Dl uefisign -Vv binary 79*bb7548fdSMatthew Dillon.Sh SEE ALSO 80*bb7548fdSMatthew Dillon.Xr openssl 1 , 81*bb7548fdSMatthew Dillon.Xr loader 8 , 82*bb7548fdSMatthew Dillon.Xr uefi 8 83*bb7548fdSMatthew Dillon.Sh HISTORY 84*bb7548fdSMatthew DillonThe 85*bb7548fdSMatthew Dillon.Nm 86*bb7548fdSMatthew Dilloncommand appeared in 87*bb7548fdSMatthew Dillon.Fx 10.2 . 88*bb7548fdSMatthew Dillon.Sh AUTHORS 89*bb7548fdSMatthew DillonThe 90*bb7548fdSMatthew Dillon.Nm 91*bb7548fdSMatthew Dillonutility was developed by 92*bb7548fdSMatthew Dillon.An Edward Tomasz Napierala Aq Mt trasz@FreeBSD.org 93*bb7548fdSMatthew Dillonunder sponsorship from the FreeBSD Foundation. 94