|
|
3efed6 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
3efed6 |
From: Daniel Axtens <dja@axtens.net>
|
|
|
3efed6 |
Date: Sat, 15 Aug 2020 02:04:01 +1000
|
|
|
3efed6 |
Subject: [PATCH] docs/grub: --pubkey has been supported for some time
|
|
|
3efed6 |
|
|
|
3efed6 |
--pubkey is supported, so we can now document it.
|
|
|
3efed6 |
|
|
|
3efed6 |
(adjust docs: s/grub/grub2)
|
|
|
3efed6 |
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
3efed6 |
---
|
|
|
3efed6 |
docs/grub.texi | 12 +++---------
|
|
|
3efed6 |
1 file changed, 3 insertions(+), 9 deletions(-)
|
|
|
3efed6 |
|
|
|
3efed6 |
diff --git a/docs/grub.texi b/docs/grub.texi
|
|
|
3efed6 |
index 34517e67439..a833364d5ff 100644
|
|
|
3efed6 |
--- a/docs/grub.texi
|
|
|
3efed6 |
+++ b/docs/grub.texi
|
|
|
3efed6 |
@@ -5695,15 +5695,9 @@ verified with a public key currently trusted by GRUB
|
|
|
3efed6 |
validation fails, then file @file{foo} cannot be opened. This failure
|
|
|
3efed6 |
may halt or otherwise impact the boot process.
|
|
|
3efed6 |
|
|
|
3efed6 |
-@comment Unfortunately --pubkey is not yet supported by grub2-install,
|
|
|
3efed6 |
-@comment but we should not bring up internal detail grub2-mkimage here
|
|
|
3efed6 |
-@comment in the user guide (as opposed to developer's manual).
|
|
|
3efed6 |
-
|
|
|
3efed6 |
-@comment An initial trusted public key can be embedded within the GRUB
|
|
|
3efed6 |
-@comment @file{core.img} using the @code{--pubkey} option to
|
|
|
3efed6 |
-@comment @command{grub2-mkimage} (@pxref{Invoking grub2-install}). Presently it
|
|
|
3efed6 |
-@comment is necessary to write a custom wrapper around @command{grub2-mkimage}
|
|
|
3efed6 |
-@comment using the @code{--grub-mkimage} flag to @command{grub2-install}.
|
|
|
3efed6 |
+An initial trusted public key can be embedded within the GRUB
|
|
|
3efed6 |
+@file{core.img} using the @code{--pubkey} option to
|
|
|
3efed6 |
+@command{grub2-install} (@pxref{Invoking grub2-install}).
|
|
|
3efed6 |
|
|
|
3efed6 |
GRUB uses GPG-style detached signatures (meaning that a file
|
|
|
3efed6 |
@file{foo.sig} will be produced when file @file{foo} is signed), and
|