UEFISIGN(8)             FreeBSD System Manager's Manual            UEFISIGN(8)

NAME
     uefisign - UEFI Secure Boot signing utility

SYNOPSIS
     uefisign -k key -c certificate -o output [-v] file
     uefisign -V [-v] file

DESCRIPTION
     The uefisign utility signs PE binary files using Authenticode scheme, as
     required by UEFI Secure Boot specification.  Alternatively, it can be
     used to view and verify existing signatures.  These options are
     available:

     -V     Determine whether the file is signed.  Note that this does not
            verify the correctness of the signature; only that the file
            contains a signature.

     -k     Name of file containing the private key used to sign the binary.

     -c     Name of file containing the certificate used to sign the binary.

     -o     Name of file to write the signed binary to.

     -v     Be verbose.

EXIT STATUS
     The uefisign utility exits 0 on success, and >0 if an error occurs.

EXAMPLES
     Generate self-signed certificate and use it to sign a binary:
           /usr/share/examples/uefisign/uefikeys testcert
           uefisign -c testcert.pem -k testcert.key -o signed-binary binary

     View signature:
           uefisign -Vv binary

SEE ALSO
     openssl(1), loader(8), uefi(8)

HISTORY
     The uefisign command appeared in FreeBSD 10.2.

AUTHORS
     The uefisign utility was developed by Edward Tomasz Napierala
     <trasz@FreeBSD.org> under sponsorship from the FreeBSD Foundation.

FreeBSD 13.1-RELEASE-p6          July 11, 2015         FreeBSD 13.1-RELEASE-p6