NAME¶

virt-fw-vars - manual page for virt-fw-vars 1.4

SYNOPSIS¶

virt-fw-vars [options]

The virt-fw-vars utility can print and modify UEFI variable stores. Supported formats are standard edk2 (as used by ovmf and armvirt) and aws.

-d VAR, --delete=VAR: delete variable VAR, can be specified multiple times
--set-true=VAR: set variable VAR to true, can be specified multiple times
--set-false=VAR: set variable VAR to false, can be specified multiple times
--set-json=FILE: set variables from json dump FILE

--set-boot-uri=LINK: set network boot uri to LINK (once, using BootNext)
--append-boot-filepath=FILE: append boot entry for FILE (permanent, using BootOrder)

--set-pk=('GUID', 'FILE'): set PK to x509 cert, loaded in pem format from FILE and with owner GUID
--add-kek=('GUID', 'FILE'): add x509 cert to KEK, loaded in pem format from FILE and with owner GUID, can be specified multiple times
--add-db=('GUID', 'FILE'): add x509 cert to db, loaded in pem format from FILE and with owner GUID, can be specified multiple times
--add-mok=('GUID', 'FILE'): add x509 cert to MokList, loaded in pem format from FILE and with owner GUID, can be specified multiple times
--add-db-hash=('GUID', 'HASH'): add sha256 HASH to db, with owner GUID, can be specified multiple times
--add-mok-hash=('GUID', 'HASH'): add sha256 HASH to MokList, with owner GUID, can be specified multiple times

-o FILE, --output=FILE: write edk2 or aws vars to FILE, using the same format the --input FILE has.
--output-aws=FILE: write aws vars to FILE
--output-json=FILE: write json dump to FILE

Print variable store.: virt-fw-vars --input ${guest}_VARS.fd \
--print --vwerbose
Enroll default (microsoft) secure boot certificates: virt-fw-vars --input OVMF_VARS.fd \
--output OVMF_VARS.secboot.fd \
--enroll-redhat \
--secure-boot

Gerd Hoffmann <kraxel@redhat.com>

October 2022

virt-fw-vars 1.4

Source file:	virt-fw-vars.1.en.gz (from python3-virt-firmware 1.6-2.el9)
Source last updated:	2023-04-08 08:54:56
Converted to HTML:	2023-06-09 09:03:11