PowerShell Logo Small

Format-SecureBootUEFI



This is the built-in help made by Microsoft for the command 'Format-SecureBootUEFI', in PowerShell version 4 - as retrieved from Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Formats certificates or hashes into a content object that is returned and creates a file that is ready to be signed.

SYNTAX


Format-SecureBootUEFI [-AppendWrite] [-ContentFilePath <String>] -Algorithm <String> -Hash <String[]> -SignatureOwner <Guid> [<CommonParameters>]
Format-SecureBootUEFI [-AppendWrite] [-ContentFilePath <String>] [-FormatWithCert] -CertificateFilePath <String[]> -SignatureOwner <Guid> [<CommonParameters>]
Format-SecureBootUEFI -Delete [<CommonParameters>]
Format-SecureBootUEFI [-SignableFilePath <String>] [-Time <String>] -Name <String> [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Format-SecureBootUEFI cmdlet receives certificates or hashes as input and formats the input into a content object that is returned. This returned object will be u
sed by the Set-SecureBootUEFI cmdlet for actually updating the variable. If a signable file is specified, then this cmdlet creates a file with the specified name that
needs to be signed.


This cmdlet will run on both UEFI and BIOS (non-UEFI) computers.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=289483
Confirm-SecureBootUEFI
Get-SecureBootPolicy
Get-SecureBootUEFI
Set-SecureBootUEFI

REMARKS

<

Examples


EXAMPLE 1

PS C:\> Format-SecureBootUefi -Name PK -SignatureOwner 12345678-1234-1234-1234-123456789abc -CertificateFilePath PK.cer -SignableFilePath GeneratedFileToSign.bin -Tim
e 2011-11-01T13:30:00Z | Format-List
Name : PK
Time : 2011-11-01T13:30:00Z
AppendWrite : False
Content : {232, 102, 87, 60...}



This example formats the private key in PK.cer being piped into the Set-SecureBootUEFI cmdlet.




EXAMPLE 2

PS C:\> Format-SecureBootUEFI -Name DBX -SignatureOwner 12345678-1234-1234-1234-123456789abc -Algorithm SHA256 -Hash 0011223344556677889900112233445566778899001122334
455667788990011 -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z -AppendWrite | Format-List
Name : dbx
Time : 2011-11-01T13:30:00Z
AppendWrite : True
Content : {18, 165, 108, 130...}



This example formats the hash being appended to the DBX UEFI variable when piped into the Set-SecureBootUEFI cmdlet.




EXAMPLE 3

PS C:\> Format-SecureBootUEFI -Name KEK -Delete -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z | Format-List
Name : KEK
Time : 2011-11-01T13:30:00Z
AppendWrite : False
Content :



This example formats the KEK UEFI variable being deleted when piped into the Set-SecureBootUEFI cmdlet.