#efi #uefi #pe #authenticode #certificate #secure-boot

nightly efi_signer

A crates for signing and parsing EFI image

11 releases

0.2.8 Dec 18, 2024
0.2.7 Nov 13, 2023
0.2.4 Jun 29, 2023
0.2.2 May 21, 2023
0.1.1 May 4, 2023

#606 in Cryptography

Download history 38/week @ 2024-12-25 107/week @ 2025-01-01 95/week @ 2025-01-08 30/week @ 2025-01-15 23/week @ 2025-01-22 32/week @ 2025-01-29 46/week @ 2025-02-05 89/week @ 2025-02-12 29/week @ 2025-02-19 40/week @ 2025-02-26 34/week @ 2025-03-05 24/week @ 2025-03-12 30/week @ 2025-03-19 34/week @ 2025-03-26 20/week @ 2025-04-02 31/week @ 2025-04-09

119 downloads per month

MulanPSL-2.0

1MB
860 lines

Contains (DOS exe, 1MB) tests/shimx64.efi.dualsigned, (DOS exe, 1MB) tests/shimx64.efi, (DOS exe, 1MB) tests/shimx64.efi.signed

EFI_SIGNER

Coverage Status cargo license

A pure rust library to sign/verify the EFI image.

HOWs

see examples

how to sign a EFI image

  1. generate certificates

    bash -ex scripts/make_codesign_cert.sh
    
  2. sign a EFI image

    ./main sign --key key.pem --cert certificate.p7b shimx64.efi shimx64.efi.signed
    
  3. sign a EFI image with detached signature

    ./main sign --key key.pem --cert certificate.p7b -d shimx64.efi efi.signed
    

    the efi.signed file will onlyl contain the signature itself which can be used by set_authenticode

how to parse the EFI image

./main --verbose parse shimx64.efi

Dependencies

~20–40MB
~587K SLoC