Lines Matching refs:key
56 enabled. Here's an example of generating a GPG signing key::
59 gpg --homedir keys --gen-key
60 gpg --homedir keys --export > boot.key
62 The :command:`gpg --gen-key` generates a public and private key pair.
63 The private key is used to sign GRUB configuration files and ACRN
64 binaries. The public key will be embedded in GRUB and is used to verify
118 GPG key and create the :file:`grub.init.cfg.sig`::
128 The ``--pubkey`` option adds a GPG public key that will be used for
129 verification. The public key ``boot.key`` is no longer required.
155 --pubkey ./boot.key \
197 **must** be signed with the same GPG key.
220 …openssl req -new -x509 -newkey rsa:2048 -subj "/CN=PK/" -keyout PK.key -out PK.crt -days 7300 -…
221 …openssl req -new -x509 -newkey rsa:2048 -subj "/CN=KEK/" -keyout KEK.key -out KEK.crt -days 7300 -…
222 …openssl req -new -x509 -newkey rsa:2048 -subj "/CN=db/" -keyout db.key -out db.crt -days 7300 -…
232 sign-efi-sig-list -k PK.key -c PK.crt PK PK.esl PK.auth
233 sign-efi-sig-list -k PK.key -c PK.crt KEK KEK.esl KEK.auth
234 sign-efi-sig-list -k KEK.key -c KEK.crt db db.esl db.auth
244 The keys to sign bootloader image: :file:`grubx64.efi`, :file:`db.key` , :file:`db.crt`.
251 sbsign --key db.key --cert db.crt path/to/grubx64.efi
262 keys, using your own key files. From now on, only EFI binaries
263 signed with any ``db`` key (:file:`grubx64.efi.signed` in this case) can