PE: Difference between revisions

m Bot: Replace deprecated source tag with syntaxhighlight
For [https://wiki.osdev.org/EFI#Secure_Boot Secure Boot] under [[EFI]] such a signature is a must. It is worth noting that the PE format allows multiple certificates to be embedded in a single PE file, but UEFI firmware implementations usually '''allow only one''', which must be signed by the Microsoft KEK. If the firmware allows installing additional KEKs (not typical), then you can use other certificates as well.
 
The bCertificate data is a PKCS#7 signature with certificate, encoded in ASN.1 format. Microsoft uses signtool.exe to create these signature entries, but an open-source solution exists, called [https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git sbsigntool] (also available on [https://github.com/imedias/sbsigntool GitHub] with Debian packaging).
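
Because firmware usually accepts only one embedded certificate, it is useful to check how many entries a signed image actually carries. The following is an added example, not code from this wiki or from sbsigntool: it walks the certificate table (data directory 4) and returns each entry's header fields and bCertificate bytes. The field names dwLength, wRevision and wCertificateType follow the WIN_CERTIFICATE layout of the PE specification; build_sample is a hypothetical helper that constructs a minimal test image with placeholder blobs, not real PKCS#7 signatures.

```python
import struct

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
CERT_DIR_INDEX = 4  # data directory slot of the certificate table

def list_certificates(image):
    """Return [(wRevision, wCertificateType, bCertificate), ...] for a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24  # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)
    (count,) = struct.unpack_from("<I", image, dirs - 4)  # NumberOfRvaAndSizes
    if count <= CERT_DIR_INDEX:
        return []
    # For this one directory the "address" is a file offset, not an RVA.
    off, size = struct.unpack_from("<II", image, dirs + 8 * CERT_DIR_INDEX)
    if off + size > len(image):
        raise ValueError("certificate table runs past end of file")
    end, certs = off + size, []
    while off + 8 <= end:
        length, rev, ctype = struct.unpack_from("<IHH", image, off)
        if length < 8 or off + length > end:
            raise ValueError("corrupt dwLength in WIN_CERTIFICATE")
        certs.append((rev, ctype, image[off + 8:off + length]))
        off += (length + 7) & ~7  # entries are aligned to 8 bytes
    return certs

def build_sample(blobs):
    """Constructed PE32+ header followed by placeholder certificate entries."""
    table = b""
    for blob in blobs:
        entry = struct.pack("<IHH", 8 + len(blob), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        table += entry + b"\0" * (-len(entry) % 8)
    hdr = bytearray(0x200)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)             # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", hdr, opt, 0x20B)             # PE32+ magic
    struct.pack_into("<I", hdr, opt + 108, 16)          # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 112 + 8 * CERT_DIR_INDEX, 0x200, len(table))
    return bytes(hdr) + table
```

More than one returned entry means the image carries multiple signatures, which firmware that allows only one may not handle as intended.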
 
== CLI / .Net ==