Next: videoinfo, Previous: unset, Up: Command-line commands [Contents][Index]
Verifies a GPG-style detached signature, where the signed file is
file, and the signature itself is in file signature_file.
Optionally, a specific public key to use can be specified using
pubkey_file. When environment variable check_signatures
is set to enforce, then pubkey_file must itself be
properly signed by an already-trusted key. An unsigned
pubkey_file can be loaded by specifying --skip-sig.
If pubkey_file is omitted, then public keys from GRUB’s trusted keys
(see list_trusted, see trust, and see distrust) are
tried.
Exit code $? is set to 0 if the signature validates
successfully. If validation fails, it is set to a non-zero value.
See Using digital signatures, for more information.