bootctl: optionally install .signed efi file

if /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed exists install that instead of /usr/lib/systemd/boot/efi/systemd-bootx64.efi the idea is that SecureBoot tooling can create the efi.signed file whenever /usr/lib/systemd/boot/efi/systemd-bootx64.efi from the package is updated.
author: Дамјан Георгиевски <gdamjan@gmail.com> 2021-11-29 22:44:01 +0100
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2021-12-08 22:21:34 +0100
commit: 12caf7271655e16030e34279b1fb0b29a592f6ad (patch)
tree: cf003d17b8012354f837140e54192ae6820a5e31 /man/bootctl.xml
parent: 0264c60d44eecd3e8369c9d013f6f3f7f23ddabc (diff)
download: systemd-12caf7271655e16030e34279b1fb0b29a592f6ad.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/man/bootctl.xml b/man/bootctl.xml
index a0be688321..c50f458bbc 100644
--- a/man/bootctl.xml
+++ b/man/bootctl.xml
@@ -287,6 +287,14 @@
   </refsect1>
 
   <refsect1>
+    <title>Signed .efi files</title>
+    <para><command>bootctl</command> <option>install</option> and <option>update</option> will look for a
+    <command>systemd-boot</command> file ending with the <literal>.efi.signed</literal> suffix first, and copy
+    that instead of the normal <literal>.efi</literal> file. This allows distributions or end-users to provide
+    signed images for UEFI SecureBoot.</para>
+  </refsect1>
+
+  <refsect1>
     <title>Exit status</title>
     <para>On success, 0 is returned, a non-zero failure code otherwise.</para>
   </refsect1>
author	Дамјан Георгиевски <gdamjan@gmail.com>	2021-11-29 22:44:01 +0100
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2021-12-08 22:21:34 +0100
commit	12caf7271655e16030e34279b1fb0b29a592f6ad (patch)
tree	cf003d17b8012354f837140e54192ae6820a5e31 /man/bootctl.xml
parent	0264c60d44eecd3e8369c9d013f6f3f7f23ddabc (diff)
download	systemd-12caf7271655e16030e34279b1fb0b29a592f6ad.tar.gz