From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Sat, 15 Aug 2020 02:04:01 +1000 Subject: [PATCH] docs/grub: --pubkey has been supported for some time --pubkey is supported, so we can now document it. (adjust docs: s/grub/grub2) Signed-off-by: Daniel Axtens --- docs/grub.texi | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi index 2436c57f598..7fc2a62a4f8 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -5732,15 +5732,9 @@ verified with a public key currently trusted by GRUB validation fails, then file @file{foo} cannot be opened. This failure may halt or otherwise impact the boot process. -@comment Unfortunately --pubkey is not yet supported by grub2-install, -@comment but we should not bring up internal detail grub2-mkimage here -@comment in the user guide (as opposed to developer's manual). - -@comment An initial trusted public key can be embedded within the GRUB -@comment @file{core.img} using the @code{--pubkey} option to -@comment @command{grub2-mkimage} (@pxref{Invoking grub2-install}). Presently it -@comment is necessary to write a custom wrapper around @command{grub2-mkimage} -@comment using the @code{--grub-mkimage} flag to @command{grub2-install}. +An initial trusted public key can be embedded within the GRUB +@file{core.img} using the @code{--pubkey} option to +@command{grub2-install} (@pxref{Invoking grub2-install}). GRUB uses GPG-style detached signatures (meaning that a file @file{foo.sig} will be produced when file @file{foo} is signed), and