Lib.rs

Cryptography
#efi #uefi #pe #authenticode #secure-boot

nightly efi_signer

A crates for signing and parsing EFI image

by lcr

11 releases

new 0.2.8 Dec 18, 2024
0.2.7 Nov 13, 2023
0.2.4 Jun 29, 2023
0.2.2 May 21, 2023
0.1.1 May 4, 2023

#977 in Cryptography

Download history 9/week @ 2024-08-26 13/week @ 2024-09-02 13/week @ 2024-09-09 14/week @ 2024-09-16 47/week @ 2024-09-23 20/week @ 2024-09-30 53/week @ 2024-10-07 23/week @ 2024-10-14 15/week @ 2024-10-21 13/week @ 2024-10-28 28/week @ 2024-11-04 14/week @ 2024-11-11 22/week @ 2024-11-18 22/week @ 2024-11-25 160/week @ 2024-12-02 270/week @ 2024-12-09

476 downloads per month

MulanPSL-2.0

1MB
860 lines

Contains (DOS exe, 1MB) tests/shimx64.efi.dualsigned, (DOS exe, 1MB) tests/shimx64.efi, (DOS exe, 1MB) tests/shimx64.efi.signed

EFI_SIGNER

Coverage Status cargo license

A pure rust library to sign/verify the EFI image.

HOWs

see examples

how to sign a EFI image

  1. generate certificates

    bash -ex scripts/make_codesign_cert.sh

  2. sign a EFI image

    ./main sign --key key.pem --cert certificate.p7b shimx64.efi shimx64.efi.signed

  3. sign a EFI image with detached signature

    ./main sign --key key.pem --cert certificate.p7b -d shimx64.efi efi.signed

    the efi.signed file will onlyl contain the signature itself which can be used by set_authenticode

how to parse the EFI image

./main --verbose parse shimx64.efi

Dependencies

~19–35MB
~567K SLoC