DOKK / manpages / debian 12 / efitools / efi-readvar.1.en
EFI-READVAR(1) User Commands EFI-READVAR(1)

efi-readvar - tool for showing secure variables

efi-readvar: [-v <var>] [-s <list>[-<entry>]] [-o <file>]

with no arguments, prints out the entire secure variable database and expands the contents of hashes and X509 certificates. May be restricted to specific variables and specific signatures within variables. Note that EFI signature lists are numbered from zero and may contain one or more entries (also numbered from zero), so 0-0 represents the first entry of signature list zero.

List the contents of the UEFI signature databases

list only the contents of <var>
list only a given signature list (and optionally
only a given entry in that list
output the requested signature lists to <file>

To see all the variables, type

efi-readvars

To see the second entry of signature list 1 for the db variable, do

efi-readvars -v db -s 1-1

To see all entries of signature list 0 for the KEK

efi-readvars -v KEK -s 0

June 2022 efi-readvar 1.9.2