Your company here — click to reach over 10,000 unique daily visitors

pesign-client - Man Page

tool for signing UEFI applications with a pesign server


pesign-client[-i file] [-o file] [-e file] [-t token] [-c nickname] ⟨[-k |] [-q |] [-s |] [-u]⟩ [-f fd] [-F file]


pesign-client is a command line tool for manipulating signatures and cryptographic digests of UEFI applications.


-i file | --infile file

The input binary file to be signed with --sign

-o file | --outfile file

The output binary file to be signed with --sign

-e file | --export file

Export signature from --sign to file

-t token | --token token

Sign using NSS token token

-c nickname | --certificate nickname

Sign using NSS certificate nickname

-k | --kill

Kill the pesign server

-q | --is-unlocked

Query the lock status of the token specified by --token

-s | --sign

Sign the file specified by --infile

-u | --unlock

Unlock the token specified with --token using the PIN read from --pinfd or --pinfile, or specified by PESIGN_TOKEN_PIN

-f fd | --pinfd fd

File descriptor to read the PIN from for --unlock

-F file | --pinfile file

File to read the PIN from for unlock



PIN for use with --unlock for the token specified by -fl -token

See Also

pesign(1), certutil(1)


Peter Jones

Referenced By


June 4, 2020