17.4.22 distrust

Command: distrust pubkey_id

Remove public key pubkey_id from GRUB’s keyring of trusted keys. pubkey_id is the last four bytes (eight hexadecimal digits) of the GPG v4 key id, which is also the output of list_trusted (see list_trusted). Outside of GRUB, the key id can be obtained using gpg --fingerprint). These keys are used to validate signatures when environment variable check_signatures is set to enforce (see check_signatures), and by some invocations of verify_detached (see verify_detached). See Using digital signatures, for more information.