Your company here — click to reach over 10,000 unique daily visitors

efi-readvar - Man Page

tool for showing secure variables


efi-readvar: [-v <var>] [-s <list>[-<entry>]] [-o <file>]


with no arguments, prints out the entire secure variable database and expands the contents of hashes and X509 certificates.  May be restricted to specific variables and specific signatures within variables.  Note that EFI signature lists are numbered from zero and may contain one or more entries (also numbered from zero), so 0-0 represents the first entry of signature list zero.

List the contents of the UEFI signature databases


-v <var>

list only the contents of <var>

-s <list>[-<entry>]

list only a given signature list (and optionally

only a given entry in that list

-o <file>

output the requested signature lists to <file>


To see all the variables, type


To see the second entry of signature list 1 for the db variable, do

efi-readvars -v db -s 1-1

To see all entries of signature list 0 for the KEK

efi-readvars -v KEK -s 0


December 2022 efi-readvar 1.9.2