The standard mode for listing certificates as used in eg --list-enrolled dumps something equivalent to openssl x509 -text to stdout. That's rather hard to read and also hard to grep. How about implementing a short listing with one cert per line? It could only show eg CN and fingerprint. Something like
bca4e38 SUSE Linux Enterprise Secure Boot CA
eb9d9d0 Nvidia private build
66bbf17 Local build for nvidia-gfxG05 470.141.03 on 2022-09-08
1f67329 openSUSE Secure Boot Signkey
580a6f4 Microsoft Windows Production PCA 2011
46def63 Microsoft Corporation UEFI CA 2011
4090599 SUSE Linux Enterprise Secure Boot Signkey
The standard mode for listing certificates as used in eg --list-enrolled dumps something equivalent to
openssl x509 -text
to stdout. That's rather hard to read and also hard to grep. How about implementing a short listing with one cert per line? It could only show eg CN and fingerprint. Something like