diff options
| author | Luca Boccassi <bluca@debian.org> | 2023-06-30 22:55:58 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-06-30 22:55:58 +0200 |
| commit | cc5afe481e7e932bef2821a78aa07347f79e202b (patch) | |
| tree | 381428ec3ac1f0675681615ee16b87c0d90656e3 /man | |
| parent | Merge pull request #28211 from poettering/unit-abstract (diff) | |
| parent | boot: measure .sbat section (diff) | |
| download | systemd-cc5afe481e7e932bef2821a78aa07347f79e202b.tar.xz systemd-cc5afe481e7e932bef2821a78aa07347f79e202b.zip | |
Merge pull request #28187 from bluca/sbat
ukify: merge .sbat sections from stub and kernel
Diffstat (limited to 'man')
| -rw-r--r-- | man/systemd-measure.xml | 8 | ||||
| -rw-r--r-- | man/ukify.xml | 6 |
2 files changed, 11 insertions, 3 deletions
diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml index dddc2bf16b..7279df8d08 100644 --- a/man/systemd-measure.xml +++ b/man/systemd-measure.xml @@ -73,9 +73,10 @@ <listitem><para>Pre-calculate the expected values seen in PCR register 11 after boot-up of a unified kernel image consisting of the components specified with <option>--linux=</option>, <option>--osrel=</option>, <option>--cmdline=</option>, <option>--initrd=</option>, - <option>--splash=</option>, <option>--dtb=</option>, <option>--pcrpkey=</option> see below. Only - <option>--linux=</option> is mandatory. (Alternatively, specify <option>--current</option> to use the - current values of PCR register 11 instead.)</para></listitem> + <option>--splash=</option>, <option>--dtb=</option>, <option>--sbat=</option>, + <option>--pcrpkey=</option> see below. Only <option>--linux=</option> is mandatory. (Alternatively, + specify <option>--current</option> to use the current values of PCR register 11 instead.)</para> + </listitem> </varlistentry> <varlistentry> @@ -112,6 +113,7 @@ <term><option>--initrd=<replaceable>PATH</replaceable></option></term> <term><option>--splash=<replaceable>PATH</replaceable></option></term> <term><option>--dtb=<replaceable>PATH</replaceable></option></term> + <term><option>--sbat=<replaceable>PATH</replaceable></option></term> <term><option>--pcrpkey=<replaceable>PATH</replaceable></option></term> <listitem><para>When used with the <command>calculate</command> or <command>sign</command> verb, diff --git a/man/ukify.xml b/man/ukify.xml index 44fb3a5237..31e54c473a 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -98,6 +98,12 @@ discussion of automatic enrollment in <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>. </para> + + <para>If the stub and/or the kernel contain <literal>.sbat</literal> sections they will be merged in + the UKI so that revocation updates affecting either are considered when the UKI is loaded by Shim. For + more information on SBAT see + <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">Shim's documentation.</ulink> + </para> </refsect2> <refsect2> |