22 lines
622 B
Plaintext
22 lines
622 B
Plaintext
# Options for kernel hook script installed by the sbsigntool package
|
|
|
|
# set this option to 1 to sign the kernel with default hook
|
|
SBSIGN_EFI_KERNEL=0
|
|
|
|
# The key and certificate to sign
|
|
#
|
|
# sbsigntool will only sign if `EFI_KEY_FILE':
|
|
# - owner: root
|
|
# - permission: 0*00
|
|
EFI_KEY_FILE=/etc/efikeys/db.key
|
|
EFI_CERT_FILE=/etc/efikeys/db.crt
|
|
|
|
# set to 1 to keep the unsigned backup
|
|
EFI_KEEP_UNSIGNED=0
|
|
|
|
# OpenSSL/LibreSSL engine to load the key
|
|
# Completely untested, but here is your option
|
|
# See `efi-updatevar', `sbsign', and `sbvarsign'
|
|
# Don't uncomment this option unless you know what you're doing
|
|
# EFI_SIGN_ENGINE=
|