diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-11-05 13:43:02 +0100 |
|---|---|---|
| committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-11-06 14:01:09 +0100 |
| commit | 8cbd9d8328d58a69414b3ce845b29476da155f57 (patch) | |
| tree | d318ad1809d1ac0fc008ace9db2ce909b1242df6 /man | |
| parent | Introduce systemd-sbsign to do secure boot signing (diff) | |
| download | systemd-8cbd9d8328d58a69414b3ce845b29476da155f57.tar.xz systemd-8cbd9d8328d58a69414b3ce845b29476da155f57.zip | |
sbsign: Add validate-key verb
This verb checks that we can load the specified private key.
Diffstat (limited to 'man')
| -rw-r--r-- | man/systemd-sbsign.xml | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/man/systemd-sbsign.xml b/man/systemd-sbsign.xml index d7095e821c..cd7d06d79f 100644 --- a/man/systemd-sbsign.xml +++ b/man/systemd-sbsign.xml @@ -49,6 +49,22 @@ <xi:include href="version-info.xml" xpointer="v257"/> </listitem> </varlistentry> + + <varlistentry> + <term><option>validate-key</option></term> + + <listitem><para>Checks that we can load the private key specified with + <option>--private-key=</option>. </para> + + <para>As a side effect, if the private key is loaded from a PIN-protected hardware token, this + command can be used to cache the PIN in the kernel keyring. The + <varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC</varname> and + <varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TYPE</varname> environment variables can be used to control + how long and in which kernel keyring the PIN is cached.</para> + + <xi:include href="version-info.xml" xpointer="v257"/> + </listitem> + </varlistentry> </variablelist> </refsect1> |