diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-11-26 14:31:57 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2022-12-07 17:22:05 +0100 |
| commit | 54c84c8a7a95f73af3a1cd5f53e49abc79244b3f (patch) | |
| tree | 0ff0129054dc6fb6b1e172abd66d3b5e98b2f1f5 /man/ukify.xml | |
| parent | 1f6da5d902ef192c7fe24ffd4ebb3b9e1f2ecda8 (diff) | |
| download | systemd-54c84c8a7a95f73af3a1cd5f53e49abc79244b3f.tar.gz | |
ukify: allow multiple initrds
If given, multiple initrds are concatenated into a temporary file which then
becomes the .initrd section.
It is also possible to give no initrd. After all, some machines boot without an
initrd, and it should be possible to use the stub without requiring an initrd.
(The stub might not like this, but this is something to fix there.)
Diffstat (limited to 'man/ukify.xml')
| -rw-r--r-- | man/ukify.xml | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/man/ukify.xml b/man/ukify.xml index 3cc13a4cba..17546d543d 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -24,7 +24,7 @@ <cmdsynopsis> <command>/usr/lib/systemd/ukify</command> <arg choice="plain"><replaceable>LINUX</replaceable></arg> - <arg choice="plain"><replaceable>INITRD</replaceable></arg> + <arg choice="plain" rep="repeat"><replaceable>INITRD</replaceable></arg> <arg choice="opt" rep="repeat">OPTIONS</arg> </cmdsynopsis> </refsynopsisdiv> @@ -78,8 +78,10 @@ <refsect1> <title>Options</title> - <para>Note that the <replaceable>LINUX</replaceable> and <replaceable>INITRD</replaceable> positional - arguments are mandatory.</para> + <para>Note that the <replaceable>LINUX</replaceable> positional argument is mandatory. The + <replaceable>INITRD</replaceable> positional arguments are optional. If more than one is specified, they + will all be combined into a single PE section. This is useful to for example prepend microcode before the + actual initrd.</para> <para>The following options are understood:</para> @@ -268,6 +270,7 @@ <programlisting>/usr/lib/systemd/ukify \ /lib/modules/6.0.9-300.fc37.x86_64/vmlinuz \ + early_cpio \ /some/path/initramfs-6.0.9-300.fc37.x86_64.img \ --pcr-private-key=pcr-private-initrd-key.pem \ --pcr-public-key=pcr-public-initrd-key.pem \ @@ -284,6 +287,8 @@ </programlisting> <para>This creates a signed UKI <filename index='false'>./vmlinuz.signed.efi</filename>. + The initrd section contains two concatenated parts, <filename index='false'>early_cpio</filename> + and <filename index='false'>initramfs-6.0.9-300.fc37.x86_64.img</filename>. The policy embedded in the <literal>.pcrsig</literal> section will be signed for the initrd (the <constant>enter-initrd</constant> phase) with the key <filename index='false'>pcr-private-initrd-key.pem</filename>, and for the main system (phases |