#secure-boot

nightly efi_signer

A crates for signing and parsing EFI image

10 releases

0.2.7 Nov 13, 2023
0.2.6 Nov 10, 2023
0.2.4 Jun 29, 2023
0.2.2 May 21, 2023
0.1.1 May 4, 2023
Download history 11/week @ 2024-06-28 8/week @ 2024-07-05 10/week @ 2024-07-12 14/week @ 2024-07-19 19/week @ 2024-07-26 15/week @ 2024-08-02 15/week @ 2024-08-09 18/week @ 2024-08-16 11/week @ 2024-08-23 12/week @ 2024-08-30 12/week @ 2024-09-06 15/week @ 2024-09-13 44/week @ 2024-09-20 22/week @ 2024-09-27 47/week @ 2024-10-04 23/week @ 2024-10-11

137 downloads per month

MulanPSL-2.0

1MB
861 lines

Contains (DOS exe, 1MB) tests/shimx64.efi.dualsigned, (DOS exe, 1MB) tests/shimx64.efi, (DOS exe, 1MB) tests/shimx64.efi.signed

EFI_SIGNER

Coverage Status cargo license

A pure rust library to sign/verify the EFI image.

HOWs

see examples

how to sign a EFI image

  1. generate certificates

    bash -ex scripts/make_codesign_cert.sh
    
  2. sign a EFI image

    ./main sign --key key.pem --cert certificate.pem shimx64.efi shimx64.efi.signed
    
  3. sign a EFI image with detached signature

    ./main sign --key key.pem --cert certificate.pem -d shimx64.efi efi.signed
    

    the efi.signed file will onlyl contain the signature itself which can be used by set_authenticode

how to parse the EFI image

./main --verbose parse shimx64.efi

Dependencies

~21–33MB
~542K SLoC