
Format-SecureBootUEFI

microsoft.secureboot.commands.dll

Synopsis

Formats certificates or hashes into a content object that is returned and creates a file that is ready to be signed.

Syntax

Format-SecureBootUEFI [-AppendWrite] [-ContentFilePath] [-Algorithm] [-Hash] [-SignatureOwner] [<CommonParameters>]

Format-SecureBootUEFI [-AppendWrite] [-ContentFilePath] [-FormatWithCert] [-CertificateFilePath] [-SignatureOwner] [<CommonParameters>]

Format-SecureBootUEFI [-Delete] [<CommonParameters>]

Format-SecureBootUEFI [-SignableFilePath] [-Time] [-Name] [<CommonParameters>]

Detailed Description

The Format-SecureBootUEFI cmdlet receives certificates or hashes as input and formats the input into a content object that is returned. This returned object will be used by the Set-SecureBootUEFI cmdlet for actually updating the variable. If a signable file is specified, then this cmdlet creates a file with the specified name that needs to be signed.

This cmdlet will run on both UEFI and BIOS (non-UEFI) computers.

Parameters

-Algorithm <String>

Specifies which hash algorithm is used when this cmdlet formats hashes. The acceptable values for this parameter are: SHA1, SHA256, SHA384, or SHA512.

Aliases

None

Required?

true

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-AppendWrite <SwitchParameter>

Indicates that the new content is appended to the current contents of the variable instead of overwriting them.

Aliases

None

Required?

false

Position

named

Default value

false

Accept pipeline input?

false

Accept wildcard characters?

false

-CertificateFilePath <String[]>

Specifies a list of one or more files each containing a certificate that is used to generate the content object. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified.

Aliases

None

Required?

true

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-ContentFilePath <String>

Specifies the name of the file that is created and contains the information for the content object that is generated by this cmdlet.

Aliases

None

Required?

false

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-Delete <SwitchParameter>

Indicates that this cmdlet creates a content object, as well as the corresponding signable file, that deletes the variable.

Aliases

None

Required?

true

Position

named

Default value

False

Accept pipeline input?

false

Accept wildcard characters?

false

-FormatWithCert <SwitchParameter>

Indicates whether the certificate will be stored or just the public key. If this parameter is set, then the entire certificate is stored in the content object.

Aliases

None

Required?

false

Position

named

Default value

false

Accept pipeline input?

false

Accept wildcard characters?

false

-Hash <String[]>

Specifies a list of hashes that are used to generate the content.

Aliases

None

Required?

true

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-Name <String>

Specifies the name of the UEFI environment variable. The acceptable values for this parameter are: PK, KEK, DB, or DBX.

Aliases

None

Required?

true

Position

named

Default value

None

Accept pipeline input?

True (ByValue)

Accept wildcard characters?

false

-SignableFilePath <String>

Specifies the file that contains the contents of the data that is ready to be signed. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified.

Aliases

None

Required?

false

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-SignatureOwner <Guid>

Specifies the GUID of the signature owner.

Aliases

None

Required?

true

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

-Time <String>

Specifies the timestamp that is used in the signature. Format the value so that it is accepted by the DateTime object, for example: "2011-11-01T13:30:00Z".

Aliases

None

Required?

false

Position

named

Default value

None

Accept pipeline input?

false

Accept wildcard characters?

false

Input Type

System.String

Return Type

Microsoft.SecureBoot.Commands.UEFIFormattedVariable

Notes

None

Examples

EXAMPLE 1

This example formats the certificate in PK.cer so that the result can be piped into the Set-SecureBootUEFI cmdlet.

PS C:\> Format-SecureBootUefi -Name PK -SignatureOwner 12345678-1234-1234-1234-123456789abc -CertificateFilePath PK.cer -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z | Format-List
Name        : PK 
Time        : 2011-11-01T13:30:00Z 
AppendWrite : False 
Content     : {232, 102, 87, 60...} 

EXAMPLE 2

This example formats a hash to be appended to the DBX UEFI variable when the result is piped into the Set-SecureBootUEFI cmdlet.

PS C:\> Format-SecureBootUEFI -Name DBX -SignatureOwner 12345678-1234-1234-1234-123456789abc -Algorithm SHA256 -Hash 0011223344556677889900112233445566778899001122334455667788990011 -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z -AppendWrite | Format-List
Name        : dbx 
Time        : 2011-11-01T13:30:00Z 
AppendWrite : True 
Content     : {18, 165, 108, 130...} 

EXAMPLE 3

This example formats the deletion of the KEK UEFI variable, to be carried out when the result is piped into the Set-SecureBootUEFI cmdlet.

PS C:\> Format-SecureBootUEFI -Name KEK -Delete -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z | Format-List
Name        : KEK 
Time        : 2011-11-01T13:30:00Z 
AppendWrite : False 
Content     : 
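
The Content bytes returned by the cmdlet can be reviewed before anything is signed. The following is an added example, not part of the original help text or the SecureBoot module: it decodes a byte array on the assumption that Content follows the UEFI specification's EFI_SIGNATURE_LIST layout (the leading bytes 232, 102, 87, 60 in Example 1 match the start of that specification's RSA-2048 signature type GUID). The helper name ConvertFrom-EfiSignatureList and the sample bytes are constructed for illustration.

```powershell
# Added example. Assumption: the bytes follow the UEFI specification's
# EFI_SIGNATURE_LIST layout. ConvertFrom-EfiSignatureList is a hypothetical name.
$EfiSignatureTypes = @{   # signature type GUIDs defined by the UEFI specification
    '826ca512-cf10-4ac9-b187-be01496631bd' = 'SHA1'
    'c1c41626-504c-4092-aca9-41f936934328' = 'SHA256'
    'ff3e5307-9fd0-48c9-85f1-8ad56c701e01' = 'SHA384'
    '093e0fae-a6c4-4f50-9f1b-d41e2b89c19a' = 'SHA512'
    '3c5766e8-269c-4e34-aa14-ed776e85b3b6' = 'RSA2048'
    'a5c059a1-94e4-4aa7-87b5-ab155c2bf072' = 'X509'
}

function ConvertFrom-EfiSignatureList {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    [int]$offset = 0
    while ($offset -lt $Bytes.Length) {
        if ($Bytes.Length - $offset -lt 28) { throw "Truncated list header at offset $offset" }
        # Header: 16-byte type GUID, then three little-endian UINT32 sizes.
        $type = [Guid]::new([byte[]]($Bytes[$offset..($offset + 15)]))
        [long]$listSize = [BitConverter]::ToUInt32($Bytes, $offset + 16)
        [long]$hdrSize  = [BitConverter]::ToUInt32($Bytes, $offset + 20)
        [long]$sigSize  = [BitConverter]::ToUInt32($Bytes, $offset + 24)
        $body = $listSize - 28 - $hdrSize
        if ($sigSize -le 16 -or $body -le 0 -or $body % $sigSize -ne 0 -or
            $offset + $listSize -gt $Bytes.Length) {
            throw "Inconsistent sizes in list at offset $offset"
        }
        $name = $EfiSignatureTypes["$type"]
        if (-not $name) { $name = "unknown ($type)" }
        # Each entry: 16-byte owner GUID followed by the hash, key or certificate.
        for ([int]$p = $offset + 28 + $hdrSize; $p -lt $offset + $listSize; $p += $sigSize) {
            [pscustomobject]@{
                Type  = $name
                Owner = [Guid]::new([byte[]]($Bytes[$p..($p + 15)]))
                Data  = [BitConverter]::ToString($Bytes, $p + 16, [int]($sigSize - 16)) -replace '-'
            }
        }
        $offset += $listSize
    }
}

# Constructed sample: one SHA256 entry with the owner GUID and hash from Example 2.
$digest = [byte[]]('0011223344556677889900112233445566778899001122334455667788990011' -split '(..)' -ne '' |
    ForEach-Object { [Convert]::ToByte($_, 16) })
# Sizes: list = 28-byte header + one 48-byte entry; no signature header; entry = 16 + 32.
$sample = [byte[]](([Guid]'c1c41626-504c-4092-aca9-41f936934328').ToByteArray() +
    [BitConverter]::GetBytes([uint32]76) +
    [BitConverter]::GetBytes([uint32]0) + [BitConverter]::GetBytes([uint32]48) +
    ([Guid]'12345678-1234-1234-1234-123456789abc').ToByteArray() + $digest)
ConvertFrom-EfiSignatureList -Bytes $sample
```

On a system where the cmdlet is available, pass the Content property of its result as -Bytes to review the type, owner and data of each entry before the signable file is signed.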

Related Links

Confirm-SecureBootUEFI
Get-SecureBootPolicy
Get-SecureBootUEFI
Set-SecureBootUEFI