Since UEFI 2.2, firmware has provided a list of supported signature types for Secure Boot binaries in a global variable named "SignatureSupport".
This patch adds a new command line flag to efibootmgr, "--list-signature-types" ("-s") which collects that information from the firmware and displays it to the user, either by symbolic name if libefivar knows about that signature type or by GUID if it does not.
On the system in front of me, that looks something like this:
Since UEFI 2.2, firmware has provided a list of supported signature types for Secure Boot binaries in a global variable named "SignatureSupport".
This patch adds a new command line flag to efibootmgr, "--list-signature-types" ("-s") which collects that information from the firmware and displays it to the user, either by symbolic name if libefivar knows about that signature type or by GUID if it does not.
On the system in front of me, that looks something like this:
random:efibootmgr/signaturesupport$ ./src/efibootmgr -s x509_sha256 x509_sha384 x509_sha512 sha256 x509_cert rsa2048 rsa2048_sha256 rsa2048_sha1 external_management random:efibootmgr/signaturesupport$