imgdecrypt [--name <name>] [--timeout <timeout>] [--keep] <uri|image> <envelope uri|image>
imgdecrypt http://192.168.0.1/vmlinuz.dat http://129.168.0.1/vmlinuz.env
boot vmlinuz
Decrypts an encrypted image using the specified encryption envelope, using a private key embedded into the iPXE binary at build time.
A name for the decrypted image can be specified using the --name option. If no name is specified, then a default name will be constructed by stripping any suffix (such as .dat).
A download progress timeout can be specified (in milliseconds) using the --timeout option.
The envelope image will be automatically discarded unless the --keep option is specified.
Exit status | Meaning |
---|---|
Success | The image was successfully decrypted |
Failure | The image was not successfully decrypted |
This command is available only when the build option IMAGE_CRYPT_CMD is enabled.
The envelope file may be in PEM or DER format.
The private key must be embedded into the iPXE binary at build time using the PRIVKEY=… build parameter as described in the iPXE cryptography guide.
The certificate corresponding to the private key must either be embedded into the iPXE binary at build time using the CERT=… build parameter, or obtained at runtime using the certstore command.
The iPXE cryptography guide demonstrates the process of creating an encrypted image and the corresponding encryption envelope.
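A boot script that acts on the exit status described above, so that a failed decryption stops the boot instead of continuing with whatever images happen to be loaded. This is an added example, not taken from the iPXE documentation; the server address, file names, the image name `kernel` and the label name are assumptions.

```ipxe
#!ipxe
# Added example: fail closed when imgdecrypt reports failure.
# Assumed values: server address, file names, image name, label name.
set base http://192.168.0.1

# --name    : register the decrypted image as "kernel" instead of the
#             default name (which would be "vmlinuz", the .dat suffix stripped)
# --timeout : give up if the download makes no progress for 10000 ms
# No --keep : the envelope image is discarded after use
imgdecrypt --name kernel --timeout 10000 ${base}/vmlinuz.dat ${base}/vmlinuz.env || goto decrypt_failed

# Reached only when imgdecrypt returned success
boot kernel

:decrypt_failed
# Wrong key, mismatched envelope, missing certificate or a download
# problem all end up here; do not fall back to another image.
echo Image decryption failed, refusing to boot
exit 1
```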