author | Lennart Poettering <lennart@poettering.net> | 2024-02-28 22:04:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-28 22:04:58 +0100 |
commit | 5b97957376ba647ee6c92c940c79751e87a65471 (patch) | |
tree | d6d943815fd39f44d2f708c17f4e025c45aa455d /docs/ENVIRONMENT.md | |
parent | Merge pull request #31524 from poettering/secure-getenv-naming-fix (diff) | |
parent | dissect: condition userspace verity keyring via kernel cmdline option + env var (diff) | |
Merge pull request #31531 from poettering/verity-userspace-optional
dissect: make use of userspace verity keyring optional
Diffstat (limited to 'docs/ENVIRONMENT.md')
-rw-r--r-- | docs/ENVIRONMENT.md | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index d55bcaf802..302ca67b57 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -488,6 +488,12 @@ disk images with `--image=` or similar: devices when opening them. Defaults to on, set this to "0" to disable this feature. +* `$SYSTEMD_ALLOW_USERSPACE_VERITY` — takes a boolean, which controls whether + to consider the userspace Verity public key store in `/etc/verity.d/` (and + related directories) to authenticate signatures on Verity hashes of disk + images. Defaults to true, i.e. userspace signature validation is allowed. If + false, authentication can be done only via the kernel's internal keyring. + `systemd-cryptsetup`: * `$SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE` – takes a boolean, which controls |
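Review bot: The new `$SYSTEMD_ALLOW_USERSPACE_VERITY` entry documents only the environment variable, while the subject of the merged commit says the behaviour is conditioned "via kernel cmdline option + env var". The entry should name the kernel command line option and state which setting takes precedence when both are given, because an administrator who turns off the userspace key store needs to know which control is authoritative. The phrase "(and related directories)" is also too vague for a setting that decides which public keys are trusted for Verity signatures: list the directories or point to where they are documented. Two style points: the dash after the variable name differs from the en dash used by the `$SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE` entry in the trailing context, and the preceding entry spells the off value as "0" while this one says "false", so one convention should be used for both.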