sig-list-to-certs - Online in the Cloud

Run sig-list-to-certs in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command sig-list-to-certs that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

Run in Ubuntu Run in Fedora Run in Windows Sim Run in MACOS Sim

PROGRAM:

NAME

sig-list-to-certs - tool for converting EFI signature lists back to openssl certificates

SYNOPSIS

sig-list-to-certs <efi sig list file> <cert file base name>

DESCRIPTION

Takes <efi sig list file> and converts it to a set of DER format openssl certificates in
<cert file base name>.n (where n runs from 0 to the number of certificates in the file)

EXAMPLES

To see what certificates your UEFI system currently has, you can run the dmpstore command
to print them to a file

dmpstore PK > PK.uc16

This file isn't readily readable on a standard unix system because it's in UC-16 format,
so convert it to ordinary text

iconv -f utf-16 PK.uc16 > PK.txt

Now remove the header which says something like

Dump Variable pk
Variable NV+RT+BS 'Efi:PK' DataSize = 2DA

Leaving only the hex dump. This can then be converted to an EFI signature list by xxd

xxd -r PK.txt > PK.esl

and you can now extract openssl readable certificates from this

sig-list-to-certs PK.esl PK

Which will print some information like

X509 Header sls=730, header=0, sig=686
file PK.0: Guid 77fa9abd-0359-4d32-4d60-28f4e78f784b
Written 686 bytes

And finally, you can see the certificate in text format

openssl x509 -text -inform DER -in PK.0

Assuming it's an X509 certificate

sig-list-to-certs ./sig-list-to-certs <efi sAprils2014le> <cert file base namS&gtIG-LIST-TO-CERTS(1)

Use sig-list-to-certs online using onworks.net services