Verify an image as trusted


  imgverify [--signer <signer>] [--keep] <uri|image> <signature uri|image>


Verify the signature on an iPXE script

  imgverify script.ipxe script.ipxe.sig

Verify the signature on a Linux kernel

  kernel vga=788 splash=silent
  imgverify vmlinuz

Verify that pxelinux.0 was signed by

  imgverify --signer pxelinux.0 pxelinux.0.sig


Verifies an image using the specified digital signature and signer name. If no signer name is specified, any name will be accepted (provided that the signature is valid). The signature will be discarded after verification unless the --keep option is specified. If verification is successful, the image will be marked as trusted. For example:

  iPXE> kernel
  iPXE> imgstat
  pxelinux.0 : 26672 bytes [PXE] [SELECTED]
  iPXE> imgverify pxelinux.0
  iPXE> imgstat
  pxelinux.0 : 26672 bytes [PXE] [TRUSTED] [SELECTED]

Command status

Success: The image was verified as trusted
Failure: The image was not verified as trusted

See also

Build options

This command is available only when the build option IMAGE_TRUST_CMD is enabled.


To gain any benefit from using digital signatures, you will probably want to use the imgtrust command to ensure that only trusted images can be executed.

The signature file must be in DER format, and the certificate used to sign the code must possess the digitalSignature key usage extension and the codeSigning extended key usage extension.

The iPXE cryptography guide demonstrates the process of creating a code-signing certificate and digital signatures.
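The certificate and signature requirements above can be checked on the signing host with OpenSSL before an image is published. This is an added example, not taken from the iPXE documentation: the helper function names, file names and certificate subjects are constructed, and the CA is a throwaway one created only for the demonstration.

```shell
#!/bin/sh
# Added example; all names, paths and subjects are constructed placeholders.
set -eu

# Create a throwaway CA and a code-signing certificate in directory $1.
make_codesign_cert() {
    cat > "$1/ssl.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[root_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
[codesign_ext]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ssl.cnf" \
        -extensions root_ext -subj "/CN=Example Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ssl.cnf" \
        -subj "/CN=Example Signer" -keyout "$1/cs.key" -out "$1/cs.csr" 2>/dev/null
    openssl x509 -req -in "$1/cs.csr" -days 1 -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -extfile "$1/ssl.cnf" -extensions codesign_ext \
        -out "$1/cs.crt" 2>/dev/null
}

# Succeed only if certificate $1 has digitalSignature and codeSigning.
cert_can_sign_code() {
    text=$(openssl x509 -in "$1" -noout -text)
    printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' | grep -q 'Digital Signature' &&
    printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage' | grep -q 'Code Signing'
}

# Write a detached DER signature for image $1 to $1.sig with the key pair in $2.
sign_image() {
    openssl cms -sign -binary -noattr -in "$1" -signer "$2/cs.crt" \
        -inkey "$2/cs.key" -outform DER -out "$1.sig"
}

# Host-side check that $1.sig matches image $1 and chains to the CA in $2.
verify_image() {
    openssl cms -verify -binary -inform DER -in "$1.sig" -content "$1" \
        -CAfile "$2/ca.crt" -purpose any -out /dev/null 2>/dev/null
}
```

The `-purpose any` option is needed for the host-side check because OpenSSL's CMS verification otherwise expects an S/MIME signing certificate rather than a code-signing one.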

cmd/imgverify.txt · Last modified: 2012/03/24 23:56 by mcb30
All uses of this content must include an attribution to the iPXE project and the URL
References to "iPXE" may not be altered or removed.