Export signing is optional. Before you can do Export signing for a
   module, you must already have done Integrity signing and a manifest
   must exist.  For more information about Export signing, refer to the
   Intel CDSA Manifest Signing Tools User's Guide.

 SYNOPSIS

   cdsa_sign manifest_path signer_cert password cert_chain usee_tag
   priv_tag pvcapi_tag pvcspi_tag

 OPTIONS

   manifest_path
      The path (in UNIX directory format) to the manifest created in the
      Integrity signing phase.

   signer_cert
      The name of the certificate being used to sign the module.

   password
      The password for the private key of the certificate being used to
      sign the module.

   cert_chain
      A text file identifying the Export certificates to be embedded.
      This file has the following form:

        number
        cert1
        cert2
        .
        .
        .

        where number is the number of certificates being embedded, and
        cert1 and cert2 are the names of certificates to be embedded;
        for example:

             2
             introot.cer
             intmanf.cer

   usee_tag
      The base-64 encoded value of the CSSM_USEE_TAG value.
      This value must be enclosed within double quotation marks.

   priv_tag
      The CDSA_PRIV tag in the manifest.  Currently, no CDSA_PRIV tag
      values are defined, so specify "XX" to indicate that this tag is
      not in the manifest.

   pvcapi_tag
      The CDSA_PVC_API tag for application and CSSM manifests.
      The values are:

        "EXEMPT" Specifies an application manifest.
        "OFF"    Specifies a CSSM manifest.
        "XX"     Specifies that the CDSA_PVC_API tag is not
                 in the manifest.

   pvcspi_tag
      The CDSA_PVC_SPI tag for application and CSSM manifests.
      The values are:

        "EXEMPT" Specifies an application manifest.
        "OFF"    Specifies a CSSM manifest.
        "XX"     Specifies that the CDSA_PVC_SPI tag is not
                 in the manifest.