Next: , Previous: , Up: Command-line commands   [Contents][Index]

17.4.76 trust

Command: trust [--skip-sig] pubkey_file

Read public key from pubkey_file and add it to GRUB’s internal list of trusted public keys. These keys are used to validate digital signatures when environment variable check_signatures is set to enforce. Note that if check_signatures is set to enforce when trust executes, then pubkey_file must itself be properly signed. The --skip-sig option can be used to disable signature-checking when reading pubkey_file itself. It is expected that --skip-sig is useful for testing and manual booting. See Using digital signatures, for more information.