A pure rust library to sign/verify the EFI image.
see examples
generate certificates
bash
bash -ex scripts/make_codesign_cert.sh
sign a EFI image
bash
./main sign --key key.pem --cert certificate.pem shimx64.efi shimx64.efi.signed
sign a EFI image with detached signature
bash
./main sign --key key.pem --cert certificate.pem -d shimx64.efi efi.signed
the efi.signed
file will onlyl contain the signature itself which can be used by set_authenticode
bash
./main --verbose parse shimx64.efi