diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2023-06-06 21:06:20 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2023-06-14 13:17:33 +0200 |
| commit | a1c80efddc057b4d1dcddc51dbb1244e8df51752 (patch) | |
| tree | 2c7fedae8ba2e2d7b9c05deb290c8bb26e1b181e /man/ukify.xml | |
| parent | ukify: move verb mangling to finalize_options() (diff) | |
| download | systemd-a1c80efddc057b4d1dcddc51dbb1244e8df51752.tar.xz systemd-a1c80efddc057b4d1dcddc51dbb1244e8df51752.zip | |
ukify: add 'genkey' verb
The idea is to make it easy to generate all the signing key and certs
that can be used for local signing. The verb is the modeled after
'mkosi genkey', but there are some important differences: we generate
the keys to the paths where they will be read from, both pcr signing
keys and the SecureBoot certificate+key.
If any of the outputs exist, operation is refused. Maybe we could add a
--force option in the future, but this operation should be rare, so I think
it's better to refuse to overwrite anything initially.
I'm only doing a token man page change here.
https://github.com/systemd/systemd/pull/27621 reworks the man page,
and the changes done here would conflict heavily with that work. I'll
submit a follow-up patch later.
Diffstat (limited to 'man/ukify.xml')
| -rw-r--r-- | man/ukify.xml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/man/ukify.xml b/man/ukify.xml index b2e7f82d8f..283d58b3b0 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -25,6 +25,7 @@ <command>/usr/lib/systemd/ukify</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="plain">build</arg> + <arg choice="plain">genkey</arg> </cmdsynopsis> </refsynopsisdiv> |