Currently signstar only supports raw cryptographic signatures and OpenPGP signatures (after !19 is merged). For signing EFI binaries (e.g. `shim`, required for secure boot), we may require [X.509](https://en.wikipedia.org/wiki/X.509) support, which should (also) be exposed in nethsm-cli and the standalone signing executable.