void-packages/srcpkgs/sbsigntool/files/sbsigntool-kernel-hook.conf
2019-04-18 12:58:10 -03:00

21 lines
622 B
Text

# Options for kernel hook script installed by the sbsigntool package
# set this option to 1 to sign the kernel with default hook
SBSIGN_EFI_KERNEL=0
# The key and certificate to sign
#
# sbsigntool will only sign if `EFI_KEY_FILE':
# - owner: root
# - permission: 0*00
EFI_KEY_FILE=/etc/efikeys/db.key
EFI_CERT_FILE=/etc/efikeys/db.crt
# set to 1 to keep the unsigned backup
EFI_KEEP_UNSIGNED=0
# OpenSSL/LibreSSL engine to load the key
# Completely untested, but here is your option
# See `efi-updatevar', `sbsign', and `sbvarsign'
# Don't uncomment this option unless you know what you're doing
# EFI_SIGN_ENGINE=