Secure Boot Customization Guide - Technical whitepaper
© Copyright 2017 HP Development Company, L.P. 
2 Setting up a customized Secure Boot environment
In response to this command, you will have to provide an export password. If the command is successful, you will see 
output similar to the following: 
Figure 8  Sample output of creation of PFX file 
At this point, you have the following files: PK.CRT, PK.KEY, and PK.PFX. The certificate you need to use is PK.CRT, but it is in a base64-encoded format. For Secure Boot, this certificate must be in DER format. Thus, you must convert it to DER format:
Figure 9  Sample command line for conversion of certificate to DER format

    openssl x509 -outform der -in PK.CRT -out PK.CER

If successful, you will see output similar to the following:
Figure 10  Sample output of successful DER format conversion
PK.CER is the DER-encoded x509 certificate that you can use for the Secure Boot customization. Again, this is for illustrative purposes only. A real-world deployment would obtain this DER-encoded certificate from an HSM.
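A check that can follow the conversion above, as an added example that is not part of the HP whitepaper: it confirms that the output file really is DER (not PEM, truncated, or padded) and that it is byte-identical to the decoded base64 certificate. It checks encoding only, not certificate validity; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import ssl


def der_declared_size(data: bytes):
    """Total byte count announced by the outer DER SEQUENCE header, or None."""
    if len(data) < 2 or data[0] != 0x30:   # X.509 certificates start with SEQUENCE (0x30)
        return None
    if data[1] < 0x80:                     # short-form length: one byte
        return 2 + data[1]
    n = data[1] & 0x7F                     # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def classify(data: bytes) -> str:
    """Return 'PEM', 'DER' or 'unknown' for the raw contents of a certificate file."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return "PEM"
    # DER must fill the file exactly: no truncation, no trailing newline or padding.
    return "DER" if der_declared_size(data) == len(data) else "unknown"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, the value `openssl x509 -fingerprint -sha256` reports."""
    return hashlib.sha256(der).hexdigest()


def check_der_cert(pem_data: bytes, der_data: bytes) -> str:
    """Return the fingerprint if der_data is the DER form of pem_data, else raise."""
    if classify(der_data) != "DER":
        raise ValueError("output is not clean DER (still PEM, truncated, or trailing bytes)")
    expected = ssl.PEM_cert_to_DER_cert(pem_data.decode("ascii").strip())
    if expected != der_data:
        raise ValueError("DER file does not match the PEM certificate")
    return fingerprint(der_data)


# Constructed stand-in for PK.CER / PK.CRT: a DER SEQUENCE header declaring
# 256 content bytes. It is NOT a real certificate; it only exercises the checks.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    print(classify(SAMPLE_PEM), classify(SAMPLE_DER))
    print(check_der_cert(SAMPLE_PEM, SAMPLE_DER))
```

For real files, pass the bytes of PK.CRT and PK.CER read in binary mode to `check_der_cert`.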










