On 13.01.2013 09:33, Andrey Borzenkov wrote: > В Fri, 11 Jan 2013 21:54:22 +0100 > Vladimir 'φ-coder/phcoder' Serbinenko <phco...@gmail.com> пишет: > >> Hello, all. I've just committed import of libgcrypt and implementation >> of related code to check signatures. Short usage: >> verify_detached FILE FILE.sig [pubkey.gpg] > > Just to be sure. Signature is created using > > gpg --detach-sign FILE > > correct? >
Yes >> trust KEY.gpg >> distruct KEYID > > distrust? > The opposite of trust >> check_signatures=[enforce|no] >> > > There is no command to list currently trusted keys. Would it be > useful? key_list or "trust --list"? > Added. >> grub-mkimage -k KEY gcry_dsa verify [...] >> >> When check_signatures=enforce every time anthing tries to open a file >> its signature (file.sig) is looked for and the open fails if signature >> is absent or invalid. > > This means - *any* file, including grub.cfg, themes etc? Or does it > apply to modules only? > All files. > > > _______________________________________________ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel -- Regards Vladimir 'φ-coder/phcoder' Serbinenko
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
