Skip to content

rhboot/pesign

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

902 Commits

.github/workflows

.github/workflows

 
 

include

include

 
 

libdpe

libdpe

 
 

src

src

 
 

util

util

 
 

.gitignore

.gitignore

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

COPYING

COPYING

 
 

Make.coverity

Make.coverity

 
 

Make.defaults

Make.defaults

 
 

Make.deps

Make.deps

 
 

Make.efirules

Make.efirules

 
 

Make.rules

Make.rules

 
 

Make.scan-build

Make.scan-build

 
 

Make.version

Make.version

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

TODO

TODO

 
 

Repository files navigation

pesign + efikeygen

Signing tools for PE-COFF binaries. Compliant with the PE and Authenticode specifications.

(These serve a similar purpose to Microsoft's SignTool.exe, except for Linux.)

Examples

Generate a key for use with pesign, stored on disk:

efikeygen -d /etc/pki/pesign -S -TYPE -c 'CN=Your Name Key' -n 'Custom Secureboot'

(where TYPE is m if you're only signing kernel modules, and k otherwise).

For more complex and secure use cases (e.g., hardware tokens), see efikeygen man page (man efikeygen).

Sign a UEFI application using that key:

pesign -i grubx64.efi -o grubx64.efi.signed -c 'Custom Secureboot' -s

Show signatures on a UEFI application:

pesign -i grubx64.efi.signed -S

For more signing/verification operations, see the pesign man page (man pesign).

About

Linux tools for signed PE-COFF binaries

Resources

Readme

License

GPL-2.0 license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

99 stars

Watchers

11 watching

Forks

49 forks
Report repository

Releases 7

116 Latest
Jan 31, 2023
+ 6 releases

Packages

No packages published

Contributors 31

+ 17 contributors

Languages