NAME

virt-fw-vars - manual page for virt-fw-vars 24.1

DESCRIPTION

The virt-fw-vars utility can print and modify UEFI variable stores. Supported formats are standard edk2 (as used by ovmf and armvirt) and aws.

usage: virt-fw-vars [-h] [-l LEVEL] [-i FILE] [--inplace FILE]

[--extract-certs] [-d VAR] [--set-true VAR]

[--set-false VAR] [--set-json FILE] [--set-boot-uri LINK] [--append-boot-filepath FILE] [--set-shim-debug] [--set-shim-verbose] [--set-fallback-verbose] [--set-fallback-no-reboot] [--set-sbat-level FILE] [--set-pk GUID FILE] [--add-kek GUID FILE] [--add-db GUID FILE] [--set-dbx FILE] [--add-mok GUID FILE] [--add-db-hash GUID HASH] [--add-mok-hash GUID HASH] [--enroll-redhat] [--enroll-cert CERT] [--enroll-generate CN] [--no-microsoft] [--distro-keys DISTRO] [--distro-list] [--sb] [-p] [-v] [-x] [-o FILE] [--output-aws FILE] [--output-json FILE]

Print and modify EFI variable stores.

EXAMPLES

Print variable store.

virt-fw-vars --input ${guest}_VARS.fd \
--print --verbose

Enroll default (microsoft) secure boot certificates

virt-fw-vars --input OVMF_VARS.fd \
--output OVMF_VARS.secboot.fd \
--enroll-redhat \
--secure-boot

AUTHOR

Gerd Hoffmann <kraxel@redhat.com>