external help file | Module Name | online version | schema |
---|---|---|---|
IoTCoreImaging-help.xml |
IoTCoreImaging |
2.0.0 |
Imports an certificate and adds to the Workspace security specification.
Import-IoTCertificate [-CertFile] <String> [-CertType] <String> [-Test] [<CommonParameters>]
Imports an certificate and adds to the Workspace security specification. For Secure boot functionality, it is mandatory to specify the PlatformKey and the KeyExchangeKey. For Bitlocker functionality, DataRecoveryAgent is required. For Device guard functionality, Update is mandatory. You will also need the following certs in the local cert store of the build machine (either installed directly or on a smart card). For signing purpose
- Certificate with private key corresponding to PlatformKey
- Certificate with private key corresponding to KeyExchangeKey For testing purposes, you can use the sample pfx files provided in the sample workspace and install them by double clicking on them.
Import-IoTCertificate $env:SAMPLEWKS\Certs\OEM-KEK.cer KeyExchangeKey
Imports OEM-KEK.cer as a KeyExchangeKey certificate for secure boot policy. The cert is also copied to the workspace certs folder.
Import-IoTCertificate $env:SAMPLEWKS\Certs\OEM-PK.cer PlatformKey
Imports OEM-PK.cer as a Platform key certificate for secure boot policy. The cert is also copied to the workspace certs folder.
Import-IoTCertificate $env:SAMPLEWKS\Certs\OEM-DRA.cer DataRecoveryAgent
Imports OEM-DRA.cer as a DataRecoveryAgent certificate for bitlocker policy. The cert is also copied to the workspace certs folder.
Import-IoTCertificate $env:SAMPLEWKS\Certs\OEM-KEK.cer Update
Imports OEM-KEK.cer as a update certificate for device guard policy. The cert is also copied to the workspace certs folder.
Import-IoTCertificate $env:SAMPLEWKS\Certs\OEM-UMCI.cer User
Imports OEM-UMCI.cer as a user mode code signing certificate for device guard. The cert is also copied to the workspace certs folder.
Mandatory parameter, specifying the package name, typically of namespace.name format. Wild cards supported.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Mandatory parameter specifying the cert type. The supported values are for secure boot : "PlatformKey","KeyExchangeKey","Database" for bit locker : "DataRecoveryAgent" for device guard : "Update","User","Kernel" See IoTWorkspace.xml for the cert definitions.
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
Switch parameter specifying if the certificate is test certificate
Type: SwitchParameter
Parameter Sets: (All)
Aliases:
Required: False
Position: 3
Default value: False
Accept pipeline input: False
Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).
See Add-IoT* and Import-IoT* methods.