Skip to content

Commit

Permalink
zipl: add secure boot man page updates
Browse files Browse the repository at this point in the history 
Add zipl and zipl.conf man page updates.

The zipl man page will look like:

       -S <SWITCH> or --secure <SWITCH>
               Control the zIPL secure boot support.  <SWITCH> can take one of three values:

                 auto (default)
                   Write signatures if available and supported by the system.
                 1
                   Signatures are written independent of support indicated by the local
                   system. Also missing signatures for stage 3 and kernel IPL files
                   will result in an error.
                 0
                   No signatures will be written.

The zipl.conf man page will look like:

       secure = auto/1/0 (configuration only)

              Configuration section:
              Control the zIPL secure boot support.  Set this option to one of the following:

                -  auto: Write signatures if available and supported by the system.

                -  1: Signatures are written independent of support indicated by the local system.
		   Also missing signatures for stage 3 and kernel IPL files will result in an error.

                -  0: No signatures will be written.

                   The default value for 'secure' is auto.

Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
Acked-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Signed-off-by: Jan Höppner <hoeppner@linux.ibm.com>
  • Loading branch information
@hoeppnerj
Stefan Haberland authored and hoeppnerj committed Apr 29, 2019
1 parent 331b54d commit 6ea645b
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 0 deletions.
15 changes: 15 additions & 0 deletions zipl/man/zipl.8
View file
Expand Up @@ -352,6 +352,21 @@ whether they contain a dump signature or not.
This option can only be used together with
.BR \-\-mvdump .

.TP
.BR "\-S <SWITCH>" " or " "\-\-secure <SWITCH>"
Control the zIPL secure boot support.
<SWITCH> can take one of three values:

auto (default)
Write signatures if available and supported by the system.
1
Signatures are written independent of support indicated by the local
system. Also missing signatures for stage 3 and kernel IPL files
will result in an error.
0
No signatures will be written.


.SH EXAMPLE
1. Scenario: prepare disk for booting a Linux kernel image using the
following parameters:
Expand Down
27 changes: 27 additions & 0 deletions zipl/man/zipl.conf.5
View file
Expand Up @@ -82,6 +82,8 @@ below).
.br
defaultmenu = menu1
.br
secure = auto
.br

[linux]
.br
Expand Down Expand Up @@ -517,6 +519,31 @@ An optional hexadecimal address may be provided to load the kernel to a
non-default memory location.
.PP

.B secure
=
.IR auto / 1 / 0
(configuration only)
.IP
.B Configuration section:
.br
Control the zIPL secure boot support.
Set this option to one of the following:
.IP " - " 12
.BR auto:
Write signatures if available and supported by the system.
.IP " - " 12
.BR 1:
Signatures are written independent of support indicated by the local system.
Also missing signatures for stage 3 and kernel IPL files will result in an error.
.IP " - " 12
.BR 0:
No signatures will be written.

The default value for
.B 'secure'
is auto.
.PP

.B segment
=
.IR segment\-file , address
Expand Down

0 comments on commit 6ea645b

Please sign in to comment.