imgdecrypt [--name <name>] [--timeout <timeout>] [--keep]
<uri|image> <envelope uri|image>
imgdecrypt http://192.168.0.1/vmlinuz.dat http://129.168.0.1/vmlinuz.env boot vmlinuz
Decrypts an encrypted image using the specified encryption envelope, using a private key embedded into the iPXE binary at build time.
A name for the decrypted image can be specified using the --name option. If no name is specified, then a default name will be constructed by stripping any suffix (such as .dat).
A download progress timeout can be specified (in milliseconds) using the --timeout option.
The envelope image will be automatically discarded unless the --keep option is specified.
| Success | The image was successfully decrypted |
|---|---|
| Failure | The image was not successfully decrypted |
This command is available only when the build option IMAGE_CRYPT_CMD is enabled.
The envelope file may be in PEM or DER format.
The private key must be embedded into the iPXE binary at build time using the PRIVKEY=… build parameter as described in the iPXE cryptography guide.
The certificate corresponding to the private key must either be embedded into the iPXE binary at build time using the CERT=… build parameter, or obtained at runtime using the certstore command.
The iPXE cryptography guide demonstrates the process of creating an encrypted image and the corresponding encryption envelope.