This(1) Verified boot kernel utility

SYNOPSIS

vbutil_kernel --pack <file> [PARAMETERS]

DESCRIPTION

This program creates, signs, and verifies the kernel blob
Required parameters:
--keyblock <file>
Key block in .keyblock format
--signprivate <file>
Private key to sign kernel data, in .vbprivk format
--version <number>
Kernel version
--vmlinuz <file>
Linux kernel bzImage file
--bootloader <file>
Bootloader stub
--config <file>
Command line file
--arch <arch>
Cpu architecture (default x86)
Optional:
--kloadaddr <address>
Assign kernel body load address
--pad <number>
Verification padding size in bytes
--vblockonly
Emit just the verification blob

OR

Usage: vbutil_kernel --repack <file> [PARAMETERS]

Required parameters:
--signprivate <file>
Private key to sign kernel data, in .vbprivk format
--oldblob <file>
Previously packed kernel blob (including verfication blob)
Optional:
--keyblock <file>
Key block in .keyblock format
--config <file>
New command line file
--version <number>
Kernel version
--kloadaddr <address>
Assign kernel body load address
--pad <number>
Verification blob size in bytes
--vblockonly
Emit just the verification blob

OR

Usage: vbutil_kernel --verify <file> [PARAMETERS]

Optional:
--signpubkey <file>
Public key to verify kernel keyblock, in .vbpubk format
--verbose
Print a more detailed report
--keyblock <file>
Outputs the verified key block, in .keyblock format
--pad <number>
Verification padding size in bytes
--minversion <number>
Minimum combined kernel key version and kernel version

Usage: vbutil_kernel --pack <file> [PARAMETERS]

Required parameters:
--keyblock <file>
Key block in .keyblock format
--signprivate <file>
Private key to sign kernel data, in .vbprivk format
--version <number>
Kernel version
--vmlinuz <file>
Linux kernel bzImage file
--bootloader <file>
Bootloader stub
--config <file>
Command line file
--arch <arch>
Cpu architecture (default x86)
Optional:
--kloadaddr <address>
Assign kernel body load address
--pad <number>
Verification padding size in bytes
--vblockonly
Emit just the verification blob

OR

Usage: vbutil_kernel --repack <file> [PARAMETERS]

Required parameters:
--signprivate <file>
Private key to sign kernel data, in .vbprivk format
--oldblob <file>
Previously packed kernel blob (including verfication blob)
Optional:
--keyblock <file>
Key block in .keyblock format
--config <file>
New command line file
--version <number>
Kernel version
--kloadaddr <address>
Assign kernel body load address
--pad <number>
Verification blob size in bytes
--vblockonly
Emit just the verification blob

OR

Usage: vbutil_kernel --verify <file> [PARAMETERS]

Optional:
--signpubkey <file>
Public key to verify kernel keyblock, in .vbpubk format
--verbose
Print a more detailed report
--keyblock <file>
Outputs the verified key block, in .keyblock format
--pad <number>
Verification padding size in bytes
--minversion <number>
Minimum combined kernel key version and kernel version