Skip to content
/ pesign Public
forked from rhboot/pesign

Linux tools for signed PE-COFF binaries

License

Notifications You must be signed in to change notification settings

nfrayer/pesign

 
 

Repository files navigation

pesign + efikeygen

Signing tools for PE-COFF binaries. Compliant with the PE and Authenticode specifications.

(These serve a similar purpose to Microsoft's SignTool.exe, except for Linux.)

Examples

Generate a key for use with pesign, stored on disk:

efikeygen -d /etc/pki/pesign -S -TYPE -c 'CN=Your Name Key' -n 'Custom Secureboot'

(where TYPE is m if you're only signing kernel modules, and k otherwise).

For more complex and secure use cases (e.g., hardware tokens), see efikeygen man page (man efikeygen).

Sign a UEFI application using that key:

pesign -i grubx64.efi -o grubx64.efi.signed -c 'Custom Secureboot' -s

Show signatures on a UEFI application:

pesign -i grubx64.efi.signed -S

For more signing/verification operations, see the pesign man page (man pesign).

About

Linux tools for signed PE-COFF binaries

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • C 87.7%
  • Roff 5.5%
  • Shell 4.7%
  • Makefile 2.1%