HelpCache/Microsoft.SecureBoot.Commands.dll-help.xml
<?xml version = "1.0" encoding = "utf-8" ?>
<helpItems schema="maml"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Confirm-SecureBootUEFI</command:name><maml:description><maml:para>Confirms that Secure Boot is enabled by checking the Secure Boot status on the local computer.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Confirm</command:verb><command:noun>SecureBootUEFI</command:noun><dev:version /></command:details><maml:description><maml:para>The Confirm-SecureBootUEFI cmdlet confirms that Secure Boot is enabled by checking the Secure Boot status on a UEFI computer.</maml:para><maml:para>If the computer supports Secure Boot and Secure Boot is enabled, then this cmdlet returns True.</maml:para><maml:para>If the computer supports Secure Boot and Secure Boot is disabled, then this cmdlet returns False.</maml:para><maml:para>If the computer does not support Secure Boot or is a BIOS (non-UEFI) computer, then this cmdlet returns an error displaying the following: Cmdlet not supported on this platform.</maml:para><maml:para>If Windows PowerShell® is not run in administrator mode, then this cmdlet returns an error displaying the following: Unable to set proper privileges. Access was denied.</maml:para><maml:para>This cmdlet requires that Windows PowerShell be run in administrator mode.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Confirm-SecureBootUEFI</maml:name></command:syntaxItem></command:syntax><command:parameters></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para></maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>System.Boolean</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>If the computer supports Secure Boot and Secure Boot is enabled, then this cmdlet returns True. If the computer supports Secure Boot and Secure Boot is disabled, then this cmdlet returns False. If the computer does not support Secure Boot or is a BIOS (non-UEFI) computer, then this cmdlet returns an error displaying the following: Cmdlet not supported on this platform. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>EXAMPLE 1</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Confirm-SecureBootUEFI True </dev:code><dev:remarks><maml:para>This example checks whether or not Secure Boot is enabled on the computer.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289482</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Format-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-SecureBootPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Format-SecureBootUEFI</command:name><maml:description><maml:para>Formats certificates or hashes into a content object that is returned and creates a file that is ready to be signed.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Format</command:verb><command:noun>SecureBootUEFI</command:noun><dev:version /></command:details><maml:description><maml:para>The Format-SecureBootUEFI cmdlet receives certificates or hashes as input and formats the input into a content object that is returned. This returned object will be used by the Set-SecureBootUEFI cmdlet for actually updating the variable. If a signable file is specified, then this cmdlet creates a file with the specified name that needs to be signed.</maml:para><maml:para>This cmdlet will run on both UEFI and BIOS (non-UEFI) computers.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Format-SecureBootUEFI</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppendWrite</maml:name><maml:description><maml:para>Indicates that the contents of the current variable is appended instead of overwritten.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ContentFilePath</maml:name><maml:description><maml:para>Specifies the name of the file that is created and contains the information for the content object that is generated by this cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Algorithm</maml:name><maml:description><maml:para>Specifies, if this cmdlet is formatting hashes, which algorithm is being used. The acceptable values for this parameter are: SHA1, SHA256, SHA384, or SHA512.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Hash</maml:name><maml:description><maml:para>Specifies a list of hashes that are used to generate the content.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SignatureOwner</maml:name><maml:description><maml:para>Specifies the GUID of the signature owner.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Guid</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Format-SecureBootUEFI</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppendWrite</maml:name><maml:description><maml:para>Indicates that the contents of the current variable is appended instead of overwritten.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ContentFilePath</maml:name><maml:description><maml:para>Specifies the name of the file that is created and contains the information for the content object that is generated by this cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>FormatWithCert</maml:name><maml:description><maml:para>Indicates whether the certificate will be stored or just the public key. If this parameter is set, then the entire certificate is stored in the content object.</maml:para></maml:description></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CertificateFilePath</maml:name><maml:description><maml:para>Specifies a list of one or more files each containing a certificate that is used to generate the content object. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SignatureOwner</maml:name><maml:description><maml:para>Specifies the GUID of the signature owner.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Guid</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Format-SecureBootUEFI</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Delete</maml:name><maml:description><maml:para>Indicates that the content object, as well as the appropriate sign-able file, is created that deletes the variable.</maml:para></maml:description></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Format-SecureBootUEFI</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SignableFilePath</maml:name><maml:description><maml:para>Specifies the file that contains the contents of the data that is ready to be signed. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Time</maml:name><maml:description><maml:para>Specifies the timestamp that is used in the signature. This parameter value should be formatted as follows so that it will be accepted by the DateTime object. "2011-11-01T13:30:00Z"</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="named" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the UEFI environment variable. The acceptable values for this parameter are: PK, KEK, DB, or DBX.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Algorithm</maml:name><maml:description><maml:para>Specifies, if this cmdlet is formatting hashes, which algorithm is being used. The acceptable values for this parameter are: SHA1, SHA256, SHA384, or SHA512.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>AppendWrite</maml:name><maml:description><maml:para>Indicates that the contents of the current variable is appended instead of overwritten.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>CertificateFilePath</maml:name><maml:description><maml:para>Specifies a list of one or more files each containing a certificate that is used to generate the content object. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified. </maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ContentFilePath</maml:name><maml:description><maml:para>Specifies the name of the file that is created and contains the information for the content object that is generated by this cmdlet.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Delete</maml:name><maml:description><maml:para>Indicates that the content object, as well as the appropriate sign-able file, is created that deletes the variable.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>False</dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>FormatWithCert</maml:name><maml:description><maml:para>Indicates whether the certificate will be stored or just the public key. If this parameter is set, then the entire certificate is stored in the content object.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue>false</dev:defaultValue></command:parameter><command:parameter required="true" variableLength="true" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Hash</maml:name><maml:description><maml:para>Specifies a list of hashes that are used to generate the content.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">String[]</command:parameterValue><dev:type><maml:name>String[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="named" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the UEFI environment variable. The acceptable values for this parameter are: PK, KEK, DB, or DBX.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SignableFilePath</maml:name><maml:description><maml:para>Specifies the file that contains the contents of the data that is ready to be signed. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SignatureOwner</maml:name><maml:description><maml:para>Specifies the GUID of the signature owner.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">Guid</command:parameterValue><dev:type><maml:name>Guid</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>Time</maml:name><maml:description><maml:para>Specifies the timestamp that is used in the signature. This parameter value should be formatted as follows so that it will be accepted by the DateTime object. "2011-11-01T13:30:00Z"</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The String object represents the UEFI variable name that may be output from the Get-SecureBootUEFI cmdlet.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.SecureBoot.Commands.UEFIFormattedVariable</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The UEFIFormattedVariable object contains information about the package that is built up to be set. The following members are part of the UEFIFormattedVariable object. -- A string named Name. -- A string named Time. -- A boolean named AppendWrite. -- An array of bytes named Content. The UEFIFormattedVariable object can be used to pipe into the Set-SecureBootUEFIcmdlet. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>EXAMPLE 1</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Format-SecureBootUefi -Name PK -SignatureOwner 12345678-1234-1234-1234-123456789abc -CertificateFilePath PK.cer -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z | Format-List Name : PK Time : 2011-11-01T13:30:00Z AppendWrite : False Content : {232, 102, 87, 60...} </dev:code><dev:remarks><maml:para>This example formats the private key in PK.cer being piped into the Set-SecureBootUEFI cmdlet.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>EXAMPLE 2</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Format-SecureBootUEFI -Name DBX -SignatureOwner 12345678-1234-1234-1234-123456789abc -Algorithm SHA256 -Hash 0011223344556677889900112233445566778899001122334455667788990011 -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z -AppendWrite | Format-List Name : dbx Time : 2011-11-01T13:30:00Z AppendWrite : True Content : {18, 165, 108, 130...} </dev:code><dev:remarks><maml:para>This example formats the hash being appended to the DBX UEFI variable when piped into the Set-SecureBootUEFI cmdlet.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>EXAMPLE 3</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Format-SecureBootUEFI -Name KEK -Delete -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z | Format-List Name : KEK Time : 2011-11-01T13:30:00Z AppendWrite : False Content : </dev:code><dev:remarks><maml:para>This example formats the KEK UEFI variable being deleted when piped into the Set-SecureBootUEFI cmdlet.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289483</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Confirm-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-SecureBootPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-SecureBootPolicy</command:name><maml:description><maml:para>Gets the publisher GUID and the policy version of the Secure Boot configuration policy.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>SecureBootPolicy</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-SecureBootPolicy cmdlet gets the publisher GUID and the policy version of the Secure Boot configuration policy.</maml:para><maml:para>The cmdlet will run on both UEFI and BIOS (non-UEFI) computers.</maml:para><maml:para>If the computer does not support Secure Boot or is a non-UEFI computer, then this cmdlet returns an error displaying the following: Secure Boot policy is not enabled on this machine.</maml:para><maml:para>If Windows PowerShell® is not run in administrator mode, then this cmdlet returns an error displaying the following: Incorrect authentication data.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-SecureBootPolicy</maml:name></command:syntaxItem></command:syntax><command:parameters></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>None</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para></maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.SecureBoot.Commands.SecureBootPolicy</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The SecureBootPolicy object contains information about the Secure Boot policy in place for the computer. Contains the following fields: -- A GUID named publisher. -- An unsigned 32-bit integer named version. </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>EXAMPLE 1</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Get-SecureBootPolicy | Format-List Publisher: 77fa9abd-0359-4d32-bd60-28f4e78f784b Version : 1 </dev:code><dev:remarks><maml:para>This example gets the publisher GUID and the policy version of the Secure Boot configuration policy.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289485</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Confirm-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Format-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Get-SecureBootUEFI</command:name><maml:description><maml:para>Gets the UEFI variable values related to Secure Boot such as the SetupMode, SecureBoot, KEK, PK, SignatureDatabase, and forbidden SignatureDatabase. </maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Get</command:verb><command:noun>SecureBootUEFI</command:noun><dev:version /></command:details><maml:description><maml:para>The Get-SecureBootUEFI cmdlet gets the UEFI variable values related to Secure Boot which are: SetupMode, SecureBoot, KEK, PK, SignatureDatabase (DB), and forbidden SignatureDatabase (DBX).</maml:para><maml:para>If the computer does not support Secure Boot or is a BIOS (non-UEFI) computer, then this cmdlet will return an error displaying the following: Cmdlet not supported on this platform.</maml:para><maml:para>If the variable does not exist, then this cmdlet will return an error displaying the following: Variable is currently undefined.</maml:para><maml:para>If Windows PowerShell® is not run in administrator mode, then this cmdlet will return an error displaying the following: Unable to set proper privileges. Access was denied.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Get-SecureBootUEFI</maml:name><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the UEFI environment variable.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OutputFilePath</maml:name><maml:description><maml:para>Specifies the output file path of the UEFI environment variable.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByValue)" position="2" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the UEFI environment variable.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OutputFilePath</maml:name><maml:description><maml:para>Specifies the output file path of the UEFI environment variable.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>System.String</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The String object represents the UEFI variable name.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.SecureBoot.Commands.UEFIEnvironmentVariable</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The UEFIEnvironmentVariable object contains the following properties: -- Name -- Bytes -- Attributes </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>EXAMPLE 1</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\>Get-SecureBootUefi –Name PK | Format-List Name : PK Bytes : {161, 89, 192, 165...} Attributes : NON VOLATILE BOOTSERVICE ACCESS RUNTIME ACCESS TIME BASED AUTHENTICATED WRITE ACCESS </dev:code><dev:remarks><maml:para>This example gets information about PK from the UEFI variable.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289486</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Confirm-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Format-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-SecureBootPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Set-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"><command:details><command:name>Set-SecureBootUEFI</command:name><maml:description><maml:para>Sets the Secure Boot-related UEFI variables such as Platform Key, Key Exchange Key, Signature Database and Forbidden Signature Database.</maml:para></maml:description><maml:copyright><maml:para /></maml:copyright><command:verb>Set</command:verb><command:noun>SecureBootUEFI</command:noun><dev:version /></command:details><maml:description><maml:para>The Set-SecureBootUEFI cmdlet takes a formatted content object that is created by running the Format-SecureBootUEFI cmdlet and a signed file, combines the twos and attempts to set the package in one of the Secure Boot variables. The supported Secure Boot variables include Platform Key (PK), Key Exchange Key (KEK), Signature Database (DB), and Forbidden Signature Database (DBX).</maml:para><maml:para>This cmdlet returns an UEFIEnvironmentVariable object if successful, otherwise displays an error.</maml:para><maml:para>This cmdlet runs on both UEFI and BIOS (non-UEFI) computer.If the computer does not support Secure Boot or is a non-UEFI computer, then this cmdlet returns an error displaying the following: Cmdlet not supported on this platform.</maml:para><maml:para>If Windows PowerShell® is not run in administrator mode, then this cmdlet returns an error displaying the following: Unable to set proper privileges. Access was denied.</maml:para><maml:para>If the signed file supplied to this cmdlet is not valid, then this cmdlet returns an error displaying the following: Incorrect authentication data.</maml:para></maml:description><command:syntax><command:syntaxItem><maml:name>Set-SecureBootUEFI</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AppendWrite</maml:name><maml:description><maml:para>Indicates that the contents of the current variable are appended instead of overwritten.</maml:para></maml:description></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OutputFilePath</maml:name><maml:description><maml:para>Specifies the name of the file created that contains the contents of what is set. If this parameter is specified, then the content are not actually set, just stored into this file. The file is created in the specified path location. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SignedFilePath</maml:name><maml:description><maml:para>Specifies the signed data that is paired with the contents that are being set to the environment variable. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the UEFI environment variable. The acceptable values for this parameter are: PK, KEK, DB, or DBX.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Time</maml:name><maml:description><maml:para>Specifies the timestamp that is used in the signature. This parameter value should be formatted as follows so that it will be accepted by the DateTime object. "2011-11-01T13:30:00Z"</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-SecureBootUEFI</maml:name><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Content</maml:name><maml:description><maml:para>Specifies the byte contents of the variable being set.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue></command:parameter></command:syntaxItem><command:syntaxItem><maml:name>Set-SecureBootUEFI</maml:name><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ContentFilePath</maml:name><maml:description><maml:para>Specifies the file that contains the contents that is being set to the environment variable. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue></command:parameter></command:syntaxItem></command:syntax><command:parameters><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>AppendWrite</maml:name><maml:description><maml:para>Indicates that the contents of the current variable are appended instead of overwritten.</maml:para></maml:description><command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue><dev:type><maml:name>SwitchParameter</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Content</maml:name><maml:description><maml:para>Specifies the byte contents of the variable being set.</maml:para></maml:description><command:parameterValue required="true" variableLength="true">Byte[]</command:parameterValue><dev:type><maml:name>Byte[]</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>ContentFilePath</maml:name><maml:description><maml:para>Specifies the file that contains the contents that is being set to the environment variable. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Name</maml:name><maml:description><maml:para>Specifies the name of the UEFI environment variable. The acceptable values for this parameter are: PK, KEK, DB, or DBX.</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>OutputFilePath</maml:name><maml:description><maml:para>Specifies the name of the file created that contains the contents of what is set. If this parameter is specified, then the content are not actually set, just stored into this file. The file is created in the specified path location. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="false" variableLength="false" globbing="false" pipelineInput="false" position="named" aliases=""><maml:name>SignedFilePath</maml:name><maml:description><maml:para>Specifies the signed data that is paired with the contents that are being set to the environment variable. If only the name is specified, then the file must be in the current working directory; otherwise the full path of the file must be specified. </maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter><command:parameter required="true" variableLength="false" globbing="false" pipelineInput="True (ByPropertyName)" position="named" aliases=""><maml:name>Time</maml:name><maml:description><maml:para>Specifies the timestamp that is used in the signature. This parameter value should be formatted as follows so that it will be accepted by the DateTime object. "2011-11-01T13:30:00Z"</maml:para></maml:description><command:parameterValue required="true" variableLength="false">String</command:parameterValue><dev:type><maml:name>String</maml:name><maml:uri /></dev:type><dev:defaultValue></dev:defaultValue></command:parameter></command:parameters><command:inputTypes><command:inputType><dev:type><maml:name>Microsoft.SecureBoot.Commands.UEFIFormattedVariable</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The UEFIFormattedVariable object contains the information for the Name, Time, Content, and AppendWrite parameters.</maml:para></maml:description></command:inputType></command:inputTypes><command:returnValues><command:returnValue><dev:type><maml:name>Microsoft.SecureBoot.Commands.UEFIEnvironmentVariable</maml:name><maml:uri></maml:uri><maml:description><maml:para /></maml:description></dev:type><maml:description><maml:para>The UEFIEnvironmentVariable object contains the following properties: -- Name -- Guid -- Bytes -- Attributes </maml:para></maml:description></command:returnValue></command:returnValues><command:terminatingErrors /><command:nonTerminatingErrors /><command:examples><command:example><maml:title>EXAMPLE 1</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> $objectFromFormat = ( Format-SecureBootUEFI -Name DBX -SignatureOwner 12345678-1234-1234-1234-123456789abc -Algorithm SHA256 -Hash 0011223344556677889900112233445566778899001122334455667788990011 -SignableFilePath GeneratedFileToSign.bin -Time 2011-11-01T13:30:00Z -AppendWrite ) PS C:\>.\signtool.exe sign /fd sha256 /p7 .\ /p7co 1.2.840.113549.1.7.1 /p7ce DetachedSignedData /a /f PrivateKey.pfxGeneratedFileToSign.bin PS C:\> $objectFromFormat | Set-SecureBootUEFI -SignedFilePath GeneratedFileToSign.bin.p7 Name : dbx Bytes : {161, 89, 192, 165...} Attributes : NON VOLATILE BOOTSERVICE ACCESS RUNTIME ACCESS TIME BASED AUTHENTICATED WRITE ACCESS </dev:code><dev:remarks><maml:para>This example sets the information obtained from the Format-SecureBootUEFI cmdlet to the DBX UEFI variable. This cmdlet supplies a path to the signed package to be authenticated. The file named GeneratedFileToSign.bin is a digest created by the Format-SecureBootUEFI cmdlet that needs to be signed according to the UEFI specification. The second command runs the SignTool.exe tool from the current directory to sign the digest. The SignTool.exe tool can be downloaded from <maml:navigationLink><maml:linkText>Windows Software Development Kit (SDK) for Windows 8</maml:linkText><maml:uri></maml:uri></maml:navigationLink> on MSDN.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>EXAMPLE 2</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> Set-SecureBootUEFI -ContentFilePath FormattedVariable.bin -SignedFilePath GeneratedFileToSign.bin.p7 Name : dbx Bytes : {161, 89, 192, 165...} Attributes : NON VOLATILE BOOTSERVICE ACCESS RUNTIME ACCESS TIME BASED AUTHENTICATED WRITE ACCESS </dev:code><dev:remarks><maml:para>This example sets the formatted data that was written to file FormattedVariable.bin to the DBX UEFI variable. This cmdlet supplies a path to the signed package to be authenticated.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example><command:example><maml:title>EXAMPLE 3</maml:title><maml:introduction><maml:para></maml:para></maml:introduction><dev:code>PS C:\> $objectFromFormat = ( Format-SecureBootUEFI -Name DB -SignatureOwner 12345678-1234-1234-1234-123456789abc –Time 2011-11-01T13:30:00Z -CertificateFilePath db.cer –FormatWithCert ) PS C:\> $objectFromFormat | Set-SecureBootUEFI Name : db Bytes : {161, 89, 192, 165...} Attributes : NON VOLATILE BOOTSERVICE ACCESS RUNTIME ACCESS TIME BASED AUTHENTICATED WRITE ACCESS </dev:code><dev:remarks><maml:para>This example creates formatted data that is not signed and sets the unsigned data into the UEFI variable named db.</maml:para></dev:remarks><command:commandLines><command:commandLine><command:commandText /></command:commandLine></command:commandLines></command:example></command:examples><maml:relatedLinks><maml:navigationLink><maml:linkText>Online Version:</maml:linkText><maml:uri>http://go.microsoft.com/fwlink/p/?linkid=289487</maml:uri></maml:navigationLink><maml:navigationLink><maml:linkText>Confirm-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Format-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-SecureBootPolicy</maml:linkText><maml:uri /></maml:navigationLink><maml:navigationLink><maml:linkText>Get-SecureBootUEFI</maml:linkText><maml:uri /></maml:navigationLink></maml:relatedLinks></command:command> </helpItems> |