efi签名提取

binwalk shimx64.efi

DECIMAL       HEXADECIMAL     DESCRIPTION
--------------------------------------------------------------------------------
0             0x0             Microsoft executable, portable (PE)
26243         0x6683          mcrypt 2.2 encrypted data, algorithm: blowfish-448, mode: CBC, keymode: 8bit
520512        0x7F140         SHA256 hash constants, little endian
574827        0x8C56B         Unix path: /usr/local/ssl/private
582272        0x8E280         Base64 standard index table
679440        0xA5E10         Certificate in DER format (x509 v3), header length: 4, sequence length: 1132
918693        0xE04A5         Certificate in DER format (x509 v3), header length: 4, sequence length: 1300
919997        0xE09BD         Certificate in DER format (x509 v3), header length: 4, sequence length: 1552
922619        0xE13FB         Certificate in DER format (x509 v3), header length: 4, sequence length: 1265
923888        0xE18F0         Certificate in DER format (x509 v3), header length: 4, sequence length: 1649

dd if=./shimx64.efi of=test1 skip=679440 count=239253 bs=1

openssl x509 -inform der -in test1 -out test1.pem

openssl x509 -in test1.pem -noout -text

其实都不用从DER转成PEM，直接

openssl x509 -in xxx.der -inform der -text

另外系统里查看BIOS有没有启用安全启动用

bootctl status