Set-SecureBootUEFI
Set-SecureBootUEFI
Sets the Secure Boot-related UEFI variables such as Platform Key, Key Exchange Key, Signature Database and Forbidden Signature Database.
構文
Parameter Set: __AllParameterSets
Set-SecureBootUEFI -Name <String> -Time <String> [-AppendWrite] [-OutputFilePath <String> ] [-SignedFilePath <String> ] [ <CommonParameters>]
Parameter Set: ContentsFromByteArray
Set-SecureBootUEFI [-Content <Byte[]> ] [ <CommonParameters>]
Parameter Set: ContentsFromFile
Set-SecureBootUEFI [-ContentFilePath <String> ] [ <CommonParameters>]
詳細説明
The Set-SecureBootUEFI cmdlet takes a formatted content object that is created by running the Format-SecureBootUEFI cmdlet and a signed file, combines the twos and attempts to set the package in one of the Secure Boot variables. The supported Secure Boot variables include Platform Key (PK), Key Exchange Key (KEK), Signature Database (DB), and Forbidden Signature Database (DBX).
This cmdlet returns an UEFIEnvironmentVariable object if successful, otherwise displays an error.
This cmdlet runs on both UEFI and BIOS (non-UEFI) computer.If the computer does not support Secure Boot or is a non-UEFI computer, then this cmdlet returns an error displaying the following: Cmdlet not supported on this platform.
If Windows PowerShell® is not run in administrator mode, then this cmdlet returns an error displaying the following: Unable to set proper privileges. Access was denied.
If the signed file supplied to this cmdlet is not valid, then this cmdlet returns an error displaying the following: Incorrect authentication data.
パラメーター
-AppendWrite
Indicates that the contents of the current variable are appended instead of overwritten.
エイリアス |
なし |
必須? |
false |
位置は? |
named |
既定値 |
なし |
パイプライン入力を許可する |
True (ByPropertyName) |
ワイルドカード文字を許可する |
false |
-Content<Byte[]>
Specifies the byte contents of the variable being set.
エイリアス |
なし |
必須? |
false |
位置は? |
named |
既定値 |
なし |
パイプライン入力を許可する |
True (ByPropertyName) |
ワイルドカード文字を許可する |
false |
-ContentFilePath<String>
Specifies the file that contains the contents that is being set to the environment variable.
If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified.
エイリアス |
なし |
必須? |
false |
位置は? |
named |
既定値 |
なし |
パイプライン入力を許可する |
false |
ワイルドカード文字を許可する |
false |
-Name<String>
Specifies the name of the UEFI environment variable. このパラメーターに対して使用できる値: PK, KEK, DB, or DBX.
エイリアス |
なし |
必須? |
true |
位置は? |
named |
既定値 |
なし |
パイプライン入力を許可する |
True (ByPropertyName) |
ワイルドカード文字を許可する |
false |
-OutputFilePath<String>
Specifies the name of the file created that contains the contents of what is set. If this parameter is specified, then the content are not actually set, just stored into this file.
The file is created in the specified path location.
エイリアス |
なし |
必須? |
false |
位置は? |
named |
既定値 |
なし |
パイプライン入力を許可する |
false |
ワイルドカード文字を許可する |
false |
-SignedFilePath<String>
Specifies the signed data that is paired with the contents that are being set to the environment variable.
If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified.
エイリアス |
なし |
必須? |
false |
位置は? |
named |
既定値 |
なし |
パイプライン入力を許可する |
false |
ワイルドカード文字を許可する |
false |
-Time<String>
Specifies the timestamp that is used in the signature. This parameter value should be formatted as follows so that it will be accepted by the DateTime object. "2011-11-01T13:30:00Z"
エイリアス |
なし |
必須? |
true |
位置は? |
named |
既定値 |
なし |
パイプライン入力を許可する |
True (ByPropertyName) |
ワイルドカード文字を許可する |
false |
<CommonParameters>
このコマンドレットは次の共通パラメーターをサポートします。-Verbose、-Debug、-ErrorAction、-ErrorVariable、-OutBuffer、-OutVariable.詳細については、以下を参照してください。 about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216)。
入力
入力型は、コマンドレットにパイプできるオブジェクトの型です。
Microsoft.SecureBoot.Commands.UEFIFormattedVariable
The UEFIFormattedVariable object contains the information for the Name, Time, Content, and AppendWrite parameters.
出力
出力型は、コマンドレットによって生成されるオブジェクトの型です。
Microsoft.SecureBoot.Commands.UEFIEnvironmentVariable
The UEFIEnvironmentVariable object contains the following properties:
-- Name
-- Guid
-- Bytes
-- Attributes
例
EXAMPLE 1
This example sets the information obtained from the Format-SecureBootUEFI cmdlet to the DBX UEFI variable. This cmdlet supplies a path to the signed package to be authenticated. The file named GeneratedFileToSign.bin is a digest created by the Format-SecureBootUEFI cmdlet that needs to be signed according to the UEFI specification. The second command runs the SignTool.exe tool from the current directory to sign the digest. The SignTool.exe tool can be downloaded from Windows Software Development Kit (SDK) for Windows 8 on MSDN.
PS C:\> $objectFromFormat = ( Format-SecureBootUEFI -Name DBX -SignatureOwner 12345678-1234-1234-1234-123456789abc -Algorithm SHA256 -Hash 0011223344556677889900112233445566778899001122334455667788990011 -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z -AppendWrite )
PS C:\>.\signtool.exe sign /fd sha256 /p7 .\ /p7co 1.2.840.113549.1.7.1 /p7ce DetachedSignedData /a /f PrivateKey.pfxGeneratedFileToSign.bin
PS C:\> $objectFromFormat | Set-SecureBootUEFI -SignedFilePath GeneratedFileToSign.bin.p7
EXAMPLE 2
This example sets the formatted data that was written to file FormattedVariable.bin to the DBX UEFI variable. This cmdlet supplies a path to the signed package to be authenticated.
PS C:\> Set-SecureBootUEFI -ContentFilePath FormattedVariable.bin -SignedFilePath GeneratedFileToSign.bin.p7
EXAMPLE 3
This example creates formatted data that is not signed and sets the unsigned data into the UEFI variable named db.
PS C:\> $objectFromFormat = ( Format-SecureBootUEFI -Name DB -SignatureOwner 12345678-1234-1234-1234-123456789abc –Time 2011-11-01T13:30:00Z -CertificateFilePath db.cer –FormatWithCert )
PS C:\> $objectFromFormat | Set-SecureBootUEFI