Вчера добавили информацию в проекте TianoCore об утилитах подписи uefi образов и драйверов из Linux систем:
Linux Signing Tools Status
The following Linux hosted PE/COFF Signing Tools are being developed:
https://github.com/vathpela/pesign git://kernel.ubuntu.com/jk/sbsigntool
Secure Boot Results Linux Loaders and Kernels
EFI_STUB Kernel - has been signed with the Microsoft* SignTool and successfully secure booted. Fixes are available in tip:x86/efi branch at: http://git.kernel.org/?p=linux/kernel/git/tip/tip.git;a=shortlog;h=refs/heads...
efilinux Loader - has been signed with the Microsoft* SignTool and successfully secure booted. These fixes have been merged into the 'next' branch prior to being merged into the 'master' branch and a planned 1.1 release. https://github.com/mfleming/efilinux
The .reloc section fix on x86-64 was merged into the efi-linux library’s sourceforge repository and a new version was released (3.0q). UEFI Applications Built with UDK Linux Tool Chains
UDK GCC44 & GCC46 UDK Tool Chain
UEFI applications (such as HelloWorld.efi) built with the GCC44 and GCC46 UDK tool chains have been signed with the Microsoft* SignTool and successfully secure booted.
UDK UNIXGCC UDK Tool Chain
UEFI applications built with the UNIXGCC tool chain are not currently secure bootable. This problem is under investigation.