Skip to content

systemd-sbsign: add verb to verify signed EFI binaries #35594

@jammie-jelly

Description

@jammie-jelly

Component

systemd

Is your feature request related to a problem? Please describe

With systemd-sbsign signing images, would be good to also include verification for the signed images.

Describe the solution you'd like

sbsigntools currently provides verification with sbverify, example:

sbverify --list /boot/EFI/Linux/${machineid}-6.11.5-arch1-1.efi
signature 1
image signature issuers:
 - /CN=Foo
image signature certificates:
 - subject: /CN=Foo
   issuer:  /CN=Foo

Describe alternatives you've considered

No response

The systemd version you checked that didn't have the feature you are asking for

257-1-arch

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions