Provided by: systemd-repart_257.4-1ubuntu3.1_amd64 
NAME
systemd-sbsign - Sign PE binaries for EFI Secure Boot
SYNOPSIS
systemd-sbsign [OPTIONS...] {COMMAND}
DESCRIPTION
systemd-sbsign can be used to sign PE binaries for EFI Secure Boot.
COMMANDS
sign
Signs the given PE binary for EFI Secure Boot. Takes a path to a PE binary as its argument. If the PE
binary already has a certificate table, the new signature will be added to it. Otherwise a new
certificate table will be created. The signed PE binary will be written to the path specified with
--output=.
Added in version 257.
OPTIONS
The following options are understood:
--output=PATH
Specifies the path where to write the signed PE binary.
Added in version 257.
--private-key=PATH/URI, --private-key-source=TYPE[:NAME], --certificate=PATH,
--certificate-source=TYPE[:NAME]
Set the Secure Boot private key and certificate for use with the sign. The --certificate= option
takes a path to a PEM encoded X.509 certificate or a URI that's passed to the OpenSSL provider
configured with --certificate-source. The --certificate-source takes one of "file" or "provider",
with the latter being followed by a specific provider identifier, separated with a colon, e.g.
"provider:pkcs11". The --private-key= option can take a path or a URI that will be passed to the
OpenSSL engine or provider, as specified by --private-key-source= as a "type:name" tuple, such as
"engine:pkcs11". The specified OpenSSL signing engine or provider will be used to sign the PE binary.
Added in version 257.
-h, --help
Print a short help text and exit.
--version
Print a short version string and exit.
SEE ALSO
bootctl(1)
systemd 257.4 SYSTEMD-SBSIGN(1)