cert-to-efi-sig-list - tool for converting openssl certificates to EFI signature lists

       Take  an  input  X509 certificate (in PEM format) and convert it to an EFI signature list file containing
       only that single certificate

       To take a standard X509 certificate in PEM format and produce an output EFI signature list  file,  simply
       do

       cert-to-efi-sig-list PK.crt PK.esl

       Note  that the format of EFI signature list files is such that they can simply be concatenated to produce
       a file with multiple signatures:

       cat PK1.esl PK2.esl > PK.esl

       If your platform has a setup mode key manipulation ability, the keys will  often  only  be  displayed  by
       GUID,  so  using  the -g option to give your keys recognisable GUIDs will be useful if you plan to manage
       lots of keys.

       cert-to-efi-sig-list - tool for converting openssl certificates to EFI signature lists

-g <guid>
              Use <guid> as the owner of the signature. If this is not supplied, an all zero guid will be used

sign-efi-sig-list(1) for details on how to create an authenticated update to EFI  secure  variables  when
       the EFI system is in user mode.

cert-to-efi-sig-list 1.9.2                         March 2025                            CERT-TO-EFI-SIG-LIST(1)

cert-to-efi-sig-list [-g<guid>] <crtfile><efisiglistfile>