Secure Boot Customization Guide - Technical whitepaper
Technical whitepaper
© Copyright 2017 HP Development Company, L.P.
2 Setting up a customized Secure Boot environment 11
2.4.1 Generate a new PK
First, generate a self-signed certificate.
Figure 5 Sample command line for generation of a self-signed certificate
You will have to answer several questions. Sample output follows:
Figure 6 Sample output of generation of self-signed certificate
The command generates both a KEY file and a CRT file. To sign with a self-signing certificate, you will also need to create a
PFX file:
Figure 7 Sample command line to create a PFX file for signing
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout PK.KEY -out PK.CRT
openssl pkcs12 -export -out PK.PFX -inkey PK.KEY -in PK.CRT