1. System Requirment:
    1.1. Microsoft Windows 7 or later.

2. Usage:
For Signing Secure Image with a installed certificate
Usage: iEFIFlashSigner.exe sign [options]
    *   -n <NAME>       Specify the Subject Name of the signing cert, or a substring.
        -t <URL>        Specify the timestamp server's URL. If this option is not present,
                        the signed file will not be timestamped. A warning is generated if
                        timestamping fails.
    *   -bios <FILE>    Specify BIOS image for flash utility.
    *   -ini <FILE>     Specify platform.ini for flash utility.
        -ec <FILE>      Specify EC image for flash utility.
        -opath <PATH>   Specify output path.(Default: .\isflash.bin)
						Paths to a file or a folder are both acceptable.
						Example:
							-opath c:\test\bios.bin output to c:\test a file call bios.bin
							-opath c:\test\ output to c:\test a file call isflash.bin which is default name
							-opath c:\test output to c:\ a file call test
		-capsuleheader  Add capsule header in front of signed capsule file.
		-instant        Make capsule header's flag to 0
		-signtool <PATH> Specify the location of signtool.exe.
		-securebiosguard sign biosguard with capsule header.
		-sha512         sign bios by sha512 rather than sha256.
		
For Signning Secure Image with cryptographic service provider
Usage: IEFIFlashSigner.exe sign [options]
	*	-f	<FILE>		Specify the signing certificate file
	*	-c	<CSP>  		Specify the name of cryptographic service provider
	*	-k  <KEY>     	Specify the name of private key container
	*	-bios <FILE>	Specify BIOS image for flash utility
	*	-ini <FILE>		Specify platform.ini for flash utility
		-pass <pass1> [<pass2> <pass3>] 
						Specify passwords. 
						If 1 password is input, the tool always uses the same password.
						If 3 password is input, the tool uses passwords one by one.
		-ec <FILE> 		Specify EC image for flash utility
		-opath <PATH>	Specify output path.(Default: .\isflash.bin)
						Paths to a file or a folder are both acceptable.
						Example:
							-opath c:\test\bios.bin output to c:\test a file call bios.bin
							-opath c:\test\ output to c:\test a file call isflash.bin which is default name
							-opath c:\test output to c:\ a file call test
		-capsuleheader  Add capsule header in front of signed capsule file.
		-instant        Make capsule header's flag to 0
		-signtool <PATH> Specify the location of signtool.exe.
		-securebiosguard sign biosguard with capsule header.
		-sha512         sign bios by sha512 rather than sha256.

For Signing Flash Utility
Usage: iEFIFlashSigner.exe signefi [options]
    *   -in <FILE>      Specify flash utility for signing.
    *   -n <NAME>       Specify the Subject Name of the signing cert, or a substring.
        -t <URL>        Specify the timestamp server's URL. If this option is not present,
                        the signed file will not be timestamped. A warning is generated if
                        timestamping fails.

    *: The required arguments.

3. Output file name:
    isflash.bin

4. Example:
Sign bios image only:
    iEFIFlashSigner.exe sign -n "QA Certificate." -bios BIOS.fd -ini platform.ini
Sign bios and EC image:
    iEFIFlashSigner.exe sign -n "QA Certificate." -bios BIOS.fd -ini platform.ini -ec EC.rom
Sign PFAT bios image only:
    iEFIFlashSigner.exe sign -n "QA Certificate." -bios BIOS.fd
	
Sign bios image with cryptographic service provider:
	iEFIFlashSigner.exe sign -f "signing certificate file" -c "cryptographic service provider" 
	-k "private key container" -bios BIOS.fd -ini platform.ini -pass "password1" "password2" "password3"
	
Sign shell flash utility:
    iEFIFlashSigner.exe signefi -n "QA Certificate." -in isflashx64.efi
	
5. A possible issue with signtool.exe.
If some warning messages as the following are displayed after the tool's execution,
you could remove signtool.exe, mssign32.dll and wintrust.dll from the tool's folder,
and add the path of the signtool.exe installed in your Windows to "path" in environment variables.
Then, the tool would call the signtool.exe installed in your Windows.
	=========================== warning message ================================
	This application has requested the Runtime to terminate it in an unusual way.
	Please contact the application's support team for more information.
	============================================================================
