vbutil_kernel (1)

Verified boot kernel utility

  1. Carta.tech
  2. Man Pages
  3. Executable programs or shell commands
  4. vbutil_kernel: Verified boot kernel utility
  1. Carta.tech
  2. Packages
  3. vboot-kernel-utils
  4. vbutil_kernel: Verified boot kernel utility

SYNOPSIS

vbutil_kernel --pack <file> [PARAMETERS]

DESCRIPTION

This program creates, signs, and verifies the kernel blob

  • Required parameters:

--keyblock <file>

Key block in .keyblock format

--signprivate <file>

Private key to sign kernel data, in .vbprivk format

--version <number>

Kernel version

--vmlinuz <file>

Linux kernel bzImage file

--bootloader <file>

Bootloader stub

--config <file>

Command line file

--arch <arch>

Cpu architecture (default x86)

  • Optional:

--kloadaddr <address>

Assign kernel body load address

--pad <number>

Verification padding size in bytes

--vblockonly

Emit just the verification blob

OR

Usage: vbutil_kernel --repack <file> [PARAMETERS]

  • Required parameters:

--signprivate <file>

Private key to sign kernel data, in .vbprivk format

--oldblob <file>

Previously packed kernel blob (including verfication blob)

  • Optional:

--keyblock <file>

Key block in .keyblock format

--config <file>

New command line file

--version <number>

Kernel version

--kloadaddr <address>

Assign kernel body load address

--pad <number>

Verification blob size in bytes

--vblockonly

Emit just the verification blob

OR

Usage: vbutil_kernel --verify <file> [PARAMETERS]

  • Optional:

--signpubkey <file>

Public key to verify kernel keyblock, in .vbpubk format

--verbose

Print a more detailed report

--keyblock <file>

Outputs the verified key block, in .keyblock format

--pad <number>

Verification padding size in bytes

--minversion <number>

Minimum combined kernel key version and kernel version

Usage: vbutil_kernel --pack <file> [PARAMETERS]

  • Required parameters:

--keyblock <file>

Key block in .keyblock format

--signprivate <file>

Private key to sign kernel data, in .vbprivk format

--version <number>

Kernel version

--vmlinuz <file>

Linux kernel bzImage file

--bootloader <file>

Bootloader stub

--config <file>

Command line file

--arch <arch>

Cpu architecture (default x86)

  • Optional:

--kloadaddr <address>

Assign kernel body load address

--pad <number>

Verification padding size in bytes

--vblockonly

Emit just the verification blob

OR

Usage: vbutil_kernel --repack <file> [PARAMETERS]

  • Required parameters:

--signprivate <file>

Private key to sign kernel data, in .vbprivk format

--oldblob <file>

Previously packed kernel blob (including verfication blob)

  • Optional:

--keyblock <file>

Key block in .keyblock format

--config <file>

New command line file

--version <number>

Kernel version

--kloadaddr <address>

Assign kernel body load address

--pad <number>

Verification blob size in bytes

--vblockonly

Emit just the verification blob

OR

Usage: vbutil_kernel --verify <file> [PARAMETERS]

  • Optional:

--signpubkey <file>

Public key to verify kernel keyblock, in .vbpubk format

--verbose

Print a more detailed report

--keyblock <file>

Outputs the verified key block, in .keyblock format

--pad <number>

Verification padding size in bytes

--minversion <number>

Minimum combined kernel key version and kernel version

RELATED TO vbutil_kernel…

The full documentation for This is maintained as a Texinfo manual. If the info and This programs are properly installed at your site, the command

  • info This

should give you access to the complete manual.