diff options
author | Дамјан Георгиевски <gdamjan@gmail.com> | 2021-11-29 22:44:01 +0100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2021-12-08 22:21:34 +0100 |
commit | 12caf7271655e16030e34279b1fb0b29a592f6ad (patch) | |
tree | cf003d17b8012354f837140e54192ae6820a5e31 /man/bootctl.xml | |
parent | 0264c60d44eecd3e8369c9d013f6f3f7f23ddabc (diff) | |
download | systemd-12caf7271655e16030e34279b1fb0b29a592f6ad.tar.gz |
bootctl: optionally install .signed efi file
if /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed exists
install that instead of /usr/lib/systemd/boot/efi/systemd-bootx64.efi
the idea is that SecureBoot tooling can create the efi.signed file
whenever /usr/lib/systemd/boot/efi/systemd-bootx64.efi from the package
is updated.
Diffstat (limited to 'man/bootctl.xml')
-rw-r--r-- | man/bootctl.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/man/bootctl.xml b/man/bootctl.xml index a0be688321..c50f458bbc 100644 --- a/man/bootctl.xml +++ b/man/bootctl.xml @@ -287,6 +287,14 @@ </refsect1> <refsect1> + <title>Signed .efi files</title> + <para><command>bootctl</command> <option>install</option> and <option>update</option> will look for a + <command>systemd-boot</command> file ending with the <literal>.efi.signed</literal> suffix first, and copy + that instead of the normal <literal>.efi</literal> file. This allows distributions or end-users to provide + signed images for UEFI SecureBoot.</para> + </refsect1> + + <refsect1> <title>Exit status</title> <para>On success, 0 is returned, a non-zero failure code otherwise.</para> </refsect1> |