VIRT-FW-VARS(1) | User Commands | VIRT-FW-VARS(1) |
NAME¶
virt-fw-vars - manual page for virt-fw-vars 1.4
SYNOPSIS¶
virt-fw-vars [options]
DESCRIPTION¶
The virt-fw-vars utility can print and modify UEFI variable stores. Supported formats are standard edk2 (as used by ovmf and armvirt) and aws.
OPTIONS¶
- -h, --help
- show this help message and exit
- -l LEVEL, --loglevel=LEVEL
- set loglevel to LEVEL
- -i FILE, --input=FILE
- read edk2 or aws vars from FILE
- --extract-certs
- extract all certificates
- Variable options:
- -d VAR, --delete=VAR
- delete variable VAR, can be specified multiple times
- --set-true=VAR
- set variable VAR to true, can be specified multiple times
- --set-false=VAR
- set variable VAR to false, can be specified multiple times
- --set-json=FILE
- set variables from json dump FILE
- Boot configuration:
- --set-boot-uri=LINK
- set network boot uri to LINK (once, using BootNext)
- --append-boot-filepath=FILE
- append boot entry for FILE (permanent, using BootOrder)
- Secure boot setup options:
- --set-pk=('GUID', 'FILE')
- set PK to x509 cert, loaded in pem format from FILE and with owner GUID
- --add-kek=('GUID', 'FILE')
- add x509 cert to KEK, loaded in pem format from FILE and with owner GUID, can be specified multiple times
- --add-db=('GUID', 'FILE')
- add x509 cert to db, loaded in pem format from FILE and with owner GUID, can be specified multiple times
- --add-mok=('GUID', 'FILE')
- add x509 cert to MokList, loaded in pem format from FILE and with owner GUID, can be specified multiple times
- --add-db-hash=('GUID', 'HASH')
- add sha256 HASH to db, with owner GUID, can be specified multiple times
- --add-mok-hash=('GUID', 'HASH')
- add sha256 HASH to MokList, with owner GUID, can be specified multiple times
- Secure boot convinience shortcuts:
- --enroll-redhat
- enroll default certificates for redhat platform
- --no-microsoft
- do not add microsoft keys
- --distro-keys=DISTRO
- add ca keys for DISTRO
- --sb, --secure-boot
- enable secure boot mode
- Print options:
- -p, --print
- print varstore
- -v, --verbose
- print varstore verbosely
- -x, --hexdump
- print variable hexdumps
- Output options:
- -o FILE, --output=FILE
- write edk2 or aws vars to FILE, using the same format the --input FILE has.
- --output-aws=FILE
- write aws vars to FILE
- --output-json=FILE
- write json dump to FILE
EXAMPLES¶
- Print variable store.
- virt-fw-vars --input ${guest}_VARS.fd \
--print --vwerbose - Enroll default (microsoft) secure boot certificates
- virt-fw-vars --input OVMF_VARS.fd \
--output OVMF_VARS.secboot.fd \
--enroll-redhat \
--secure-boot
AUTHOR¶
Gerd Hoffmann <kraxel@redhat.com>
October 2022 | virt-fw-vars 1.4 |