Adding upstream version 4.22.0.upstream/4.22.0

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 900 insertions, 0 deletions

diff --git a/templates/man5/loader.conf.5.pot b/templates/man5/loader.conf.5.pot
new file mode 100644
index 00000000..ff867284
--- /dev/null
+++ b/templates/man5/loader.conf.5.pot
@@ -0,0 +1,900 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"POT-Creation-Date: 2024-03-01 17:00+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. type: TH
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "LOADER\\&.CONF"
+msgstr ""
+
+#. type: TH
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid "systemd 255"
+msgstr ""
+
+#. type: TH
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "loader.conf"
+msgstr ""
+
+#.  -----------------------------------------------------------------
+#.  * MAIN CONTENT STARTS HERE *
+#.  -----------------------------------------------------------------
+#. type: SH
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "NAME"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "loader.conf - Configuration file for systemd-boot"
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "SYNOPSIS"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"I<ESP>/loader/loader\\&.conf, I<ESP>/loader/entries/*\\&.conf I<XBOOTLDR>/"
+"loader/entries/*\\&.conf"
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "DESCRIPTION"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"B<systemd-boot>(7)  will read I<ESP>/loader/loader\\&.conf, and any files "
+"with the \"\\&.conf\" extension under I<ESP>/loader/entries/ on the EFI "
+"system partition (ESP), and I<XBOOTLDR>/loader/entries/ on the extended boot "
+"loader partition (XBOOTLDR) as defined by \\m[blue]B<Boot Loader "
+"Specification>\\m[]\\&\\s-2\\u[1]\\d\\s+2\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Each of these configuration files must consist of series of newline (i\\&."
+"e\\&. ASCII code 10) separated lines, each consisting of an option name, "
+"followed by whitespace, and the option value\\&.  \"#\" may be used to start "
+"a comment line\\&. Empty and comment lines are ignored\\&. The files use "
+"UTF-8 encoding\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Boolean arguments may be written as \"yes\"/\"y\"/\"true\"/\"t\"/\"on\"/"
+"\"1\" or \"no\"/\"n\"/\"false\"/\"f\"/\"off\"/\"0\"\\&."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "OPTIONS"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"The configuration options supported by I<ESP>/loader/entries/*\\&.conf and "
+"I<XBOOTLDR>/loader/entries/*\\&.conf files are defined as part of the "
+"\\m[blue]B<Boot Loader Specification>\\m[]\\&\\s-2\\u[1]\\d\\s+2\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"The following configuration are supported by the loader\\&.conf "
+"configuration file:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "default"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"A glob pattern to select the default entry\\&. The default entry may be "
+"changed in the boot menu itself, in which case the name of the selected "
+"entry will be stored as an EFI variable, overriding this option\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"If set to \"@saved\" the chosen entry will be saved as an EFI variable on "
+"every boot and automatically selected the next time the boot loader "
+"starts\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"B<Table\\ \\&1.\\ \\&Automatically detected entries will use the following "
+"names:>"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "Name"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "Description"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid ".T&"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "l l"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "l l."
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "auto-efi-default"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "EFI Default Loader"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "auto-efi-shell"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "EFI Shell"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "auto-osx"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "macOS"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid "auto-poweroff"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid "Power Off The System"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid "auto-reboot"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid "Reboot The System"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "auto-reboot-to-firmware-setup"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "Reboot Into Firmware Interface"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "auto-windows"
+msgstr ""
+
+#. type: tbl table
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "Windows Boot Manager"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Supported glob wildcard patterns are \"?\", \"*\", and "
+"\"[\\&...]\" (including ranges)\\&. Note that these patterns use the same "
+"syntax as B<glob>(7), but do not support all features\\&. In particular, set "
+"negation and named character classes are not supported\\&. The matching is "
+"done case-insensitively on the entry ID (as shown by B<bootctl list>)\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid "Added in version 239\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "timeout"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"How long the boot menu should be shown before the default entry is booted, "
+"in seconds\\&. This may be changed in the boot menu itself and will be "
+"stored as an EFI variable in that case, overriding this option\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid ""
+"If set to \"menu-disabled\" or \"menu-hidden\" or \"0\" (the default), no "
+"menu is shown and the default entry will be booted immediately\\&. Unless "
+"\"menu-disabled\" is used, the menu can be shown by pressing and holding a "
+"key before systemd-boot is launched\\&. Setting this to \"menu-force\" "
+"disables the timeout while always showing the menu\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "console-mode"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid ""
+"This option configures the resolution of the console\\&. This may be changed "
+"in the boot menu itself and will be stored as an EFI variable in that case, "
+"overriding this option\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid ""
+"Takes a number or one of the special values listed below\\&. The following "
+"values may be used:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "0"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "Standard UEFI 80x25 mode"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "1"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "80x50 mode, not supported by all devices"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "2"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "the first non-standard mode provided by the device firmware, if any"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "auto"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "Pick a suitable mode automatically using heuristics"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "max"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "Pick the highest-numbered available mode"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "keep"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "Keep the mode selected by firmware (the default)"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "editor"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Takes a boolean argument\\&. Enable (the default) or disable the editor\\&. "
+"The editor should be disabled if the machine can be accessed by unauthorized "
+"persons\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "auto-entries"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Takes a boolean argument\\&. Enable (the default) or disable entries for "
+"other boot entries found on the boot partition\\&. In particular, this may "
+"be useful when loader entries are created to show replacement descriptions "
+"for those entries\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "auto-firmware"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid ""
+"A boolean controlling the presence of the \"Reboot Into Firmware Interface\" "
+"entry (enabled by default)\\&. If this is disabled, the firmware interface "
+"may still be reached by using the f key\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "beep"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Takes a boolean argument\\&. If timeout enabled beep every second, otherwise "
+"beep n times when n-th entry in boot menu is selected (default disabled)\\&. "
+"Currently, only x86 is supported, where it uses the PC speaker\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid "Added in version 251\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "secure-boot-enroll"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Danger: this feature might soft-brick your device if used improperly\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Controls enrollment of secure boot keys found on the ESP if the system is in "
+"setup mode:"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "B<off>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "No action is taken\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid "Added in version 253\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "B<manual>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Boot entries for found secure boot keys are created that allow manual "
+"enrollment\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "B<if-safe>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Same behavior as B<manual>, but will try to automatically enroll the key "
+"\"auto\" if it is considered to be safe\\&. Currently, this is only the case "
+"if the system is running inside a virtual machine\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "B<force>"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Always enroll the \"auto\" key if found\\&. Note that a warning message with "
+"a timeout will still be shown if this operation is unknown to be safe\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"The different sets of variables can be set up under /loader/keys/I<NAME> "
+"where I<NAME> is the name that is going to be used as the name of the "
+"entry\\&. This allows one to ship multiple sets of Secure Boot variables and "
+"choose which one to enroll at runtime\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Supported Secure Boot variables are one database for authorized images, one "
+"for the key exchange key (KEK) and one for the platform key (PK)\\&. For "
+"more information, refer to the \\m[blue]B<UEFI "
+"specification>\\m[]\\&\\s-2\\u[2]\\d\\s+2, under Secure Boot and Driver "
+"Signing\\&. Another resource that describe the interplay of the different "
+"variables is the \\m[blue]B<EDK2 "
+"documentation>\\m[]\\&\\s-2\\u[3]\\d\\s+2\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"A complete set of UEFI variable includes db\\&.auth, KEK\\&.auth and PK\\&."
+"auth\\&. Note that these files need to be authenticated UEFI variables\\&. "
+"See below for an example of how to generate them from regular X\\&.509 "
+"keys\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid ""
+"uuid=$(systemd-id128 new --uuid)\n"
+"for key in PK KEK db; do\n"
+"  openssl req -new -x509 -subj \"/CN=${key}/\" -keyout \"${key}\\&.key\" -out \"${key}\\&.pem\"\n"
+"  openssl x509 -outform DER -in \"${key}\\&.pem\" -out \"${key}\\&.der\"\n"
+"  sbsiglist --owner \"${uuid}\" --type x509 --output \"${key}\\&.esl\" \"${key}\\&.der\"\n"
+"done\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid ""
+"# See also: \\m[blue]B<Windows Secure Boot Key Creation and Management Guidance>\\m[]\\&\\s-2\\u[4]\\d\\s+2\n"
+"curl --location \\e\n"
+"     \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=321192\" -o ms-db-2011\\&.der \\e\n"
+"     \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=321185\" -o ms-kek-2011\\&.der \\e\n"
+"     \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=321194\" -o ms-uefi-db-2011\\&.der \\e\n"
+"     \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=2239776\" -o ms-db-2023\\&.der \\e\n"
+"     \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=2239775\" -o ms-kek-2023\\&.der \\e\n"
+"     \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=2239872\" -o ms-uefi-db-2023\\&.der\n"
+"sha1sum -c E<lt>E<lt>END\n"
+"580a6f4cc4e4b669b9ebdc1b2b3e087b80d0678d  ms-db-2011\\&.der\n"
+"31590bfd89c9d74ed087dfac66334b3931254b30  ms-kek-2011\\&.der\n"
+"46def63b5ce61cf8ba0de2e6639c1019d0ed14f3  ms-uefi-db-2011\\&.der\n"
+"45a0fa32604773c82433c3b7d59e7466b3ac0c67  ms-db-2023\\&.der\n"
+"459ab6fb5e284d272d5e3e6abc8ed663829d632b  ms-kek-2023\\&.der\n"
+"b5eeb4a6706048073f0ed296e7f580a790b59eaa  ms-uefi-db-2023\\&.der\n"
+"END\n"
+"for key in ms-*\\&.der; do\n"
+"  sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output \"${key%der}esl\" \"${key}\"\n"
+"done\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid ""
+"# Optionally add Microsoft Windows certificates (needed to boot into Windows)\\&.\n"
+"cat ms-db-*\\&.esl E<gt>E<gt>db\\&.esl\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid ""
+"# Optionally add Microsoft UEFI certificates for firmware drivers / option ROMs and third-party\n"
+"# boot loaders (including shim)\\&. This is highly recommended on real hardware as not including this\n"
+"# may soft-brick your device (see next paragraph)\\&.\n"
+"cat ms-uefi-*\\&.esl E<gt>E<gt>db\\&.esl\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid ""
+"# Optionally add Microsoft KEK certificates\\&. Recommended if either of the Microsoft keys is used as\n"
+"# the official UEFI revocation database is signed with this key\\&. The revocation database can be\n"
+"# updated with B<fwupdmgr>(1)\\&.\n"
+"cat ms-kek-*\\&.esl E<gt>E<gt>KEK\\&.esl\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid ""
+"attr=NON_VOLATILE,RUNTIME_ACCESS,BOOTSERVICE_ACCESS,TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n"
+"sbvarsign --attr \"${attr}\" --key PK\\&.key --cert PK\\&.pem --output PK\\&.auth PK PK\\&.esl\n"
+"sbvarsign --attr \"${attr}\" --key PK\\&.key --cert PK\\&.pem --output KEK\\&.auth KEK KEK\\&.esl\n"
+"sbvarsign --attr \"${attr}\" --key KEK\\&.key --cert KEK\\&.pem --output db\\&.auth db db\\&.esl\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid ""
+"This feature is considered dangerous because even if all the required files "
+"are signed with the keys being loaded, some files necessary for the system "
+"to function properly still won\\*(Aqt be\\&. This is especially the case "
+"with Option ROMs (e\\&.g\\&. for storage controllers or graphics cards)\\&. "
+"See \\m[blue]B<Secure Boot and Option ROMs>\\m[]\\&\\s-2\\u[5]\\d\\s+2 for "
+"more details\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid "Added in version 252\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "reboot-for-bitlocker"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Caveat: This feature is experimental, and is likely to be changed (or "
+"removed in its current form) in a future version of systemd\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Work around BitLocker requiring a recovery key when the boot loader was "
+"updated (disabled by default)\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Try to detect BitLocker encrypted drives along with an active TPM\\&. If "
+"both are found and Windows Boot Manager is selected in the boot menu, set "
+"the \"BootNext\" EFI variable and restart the system\\&. The firmware will "
+"then start Windows Boot Manager directly, leaving the TPM PCRs in expected "
+"states so that Windows can unseal the encryption key\\&. This allows "
+"B<systemd-boot>(7)  to be updated without having to provide the recovery key "
+"for BitLocker drive unlocking\\&."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"Note that the PCRs that Windows uses can be configured with the \"Configure "
+"TPM platform validation profile for native UEFI firmware configurations\" "
+"group policy under \"Computer Configuration\\eAdministrative "
+"Templates\\eWindows Components\\eBitLocker Drive Encryption\"\\&. When "
+"Secure Boot is enabled, changing this to PCRs \"0,2,7,11\" should be "
+"safe\\&. The TPM key protector needs to be removed and then added back for "
+"the PCRs on an already encrypted drive to change\\&. If PCR 4 is not "
+"measured, this setting can be disabled to speed up booting into Windows\\&."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "EXAMPLE"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid ""
+"# /boot/efi/loader/loader\\&.conf\n"
+"timeout 0\n"
+"default 01234567890abcdef1234567890abdf0-*\n"
+"editor no\n"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"The menu will not be shown by default (the menu can still be shown by "
+"pressing and holding a key during boot)\\&. One of the entries with files "
+"with a name starting with \"01234567890abcdef1234567890abdf0-\" will be "
+"selected by default\\&. If more than one entry matches, the one with the "
+"highest priority will be selected (generally the one with the highest "
+"version number)\\&. The editor will be disabled, so it is not possible to "
+"alter the kernel command line\\&."
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "B<systemd-boot>(7), B<bootctl>(1)"
+msgstr ""
+
+#. type: SH
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid "NOTES"
+msgstr ""
+
+#. type: IP
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid " 1."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "Boot Loader Specification"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"\\%https://uapi-group.org/specifications/specs/boot_loader_specification"
+msgstr ""
+
+#. type: IP
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid " 2."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "UEFI specification"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "\\%https://uefi.org/specifications"
+msgstr ""
+
+#. type: IP
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid " 3."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "EDK2 documentation"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid ""
+"\\%https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/"
+"secure_boot_chain_in_uefi/uefi_secure_boot"
+msgstr ""
+
+#. type: IP
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+#, no-wrap
+msgid " 4."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid "Windows Secure Boot Key Creation and Management Guidance"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-unstable mageia-cauldron
+msgid ""
+"\\%https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/"
+"windows-secure-boot-key-creation-and-management-guidance"
+msgstr ""
+
+#. type: IP
+#: archlinux debian-unstable mageia-cauldron
+#, no-wrap
+msgid " 5."
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "Secure Boot and Option ROMs"
+msgstr ""
+
+#. type: Plain text
+#: archlinux debian-bookworm debian-unstable mageia-cauldron
+msgid "\\%https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom"
+msgstr ""
+
+#. type: TH
+#: debian-bookworm
+#, no-wrap
+msgid "systemd 254"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"If set to \"menu-hidden\" or \"0\" (the default) no menu is shown and the "
+"default entry will be booted immediately\\&. The menu can be shown by "
+"pressing and holding a key before systemd-boot is launched\\&. Setting this "
+"to \"menu-force\" disables the timeout while always showing the menu\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"This option configures the resolution of the console\\&. Takes a number or "
+"one of the special values listed below\\&. The following values may be used:"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"A boolean controlling the presence of the \"Reboot into firmware\" entry "
+"(enabled by default)\\&. If this is disabled, the firmware interface may "
+"still be reached by using the f key\\&."
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+#, no-wrap
+msgid ""
+"uuid=$(systemd-id128 new --uuid)\n"
+"for key in PK KEK db; do\n"
+"  openssl req -new -x509 -subj \"/CN=${key}/\" -keyout \"${key}\\&.key\" -out \"${key}\\&.crt\"\n"
+"  openssl x509 -outform DER -in \"${key}\\&.crt\" -out \"${key}\\&.der\"\n"
+"  sbsiglist --owner \"${uuid}\" --type x509 --output \"${key}\\&.esl\" \"${key}\\&.der\"\n"
+"done\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+#, no-wrap
+msgid ""
+"for key in MicWinProPCA2011_2011-10-19\\&.crt MicCorUEFCA2011_2011-06-27\\&.crt MicCorKEKCA2011_2011-06-24\\&.crt; do\n"
+"  curl \"https://www\\&.microsoft\\&.com/pkiops/certs/${key}\" --output \"${key}\"\n"
+"  sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output \"${key%crt}esl\" \"${key}\"\n"
+"done\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+#, no-wrap
+msgid ""
+"# Optionally add Microsoft Windows Production CA 2011 (needed to boot into Windows)\\&.\n"
+"cat MicWinProPCA2011_2011-10-19\\&.esl E<gt>E<gt>db\\&.esl\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+#, no-wrap
+msgid ""
+"# Optionally add Microsoft Corporation UEFI CA 2011 for firmware drivers / option ROMs\n"
+"# and third-party boot loaders (including shim)\\&. This is highly recommended on real\n"
+"# hardware as not including this may soft-brick your device (see next paragraph)\\&.\n"
+"cat MicCorUEFCA2011_2011-06-27\\&.esl E<gt>E<gt>db\\&.esl\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+#, no-wrap
+msgid ""
+"# Optionally add Microsoft Corporation KEK CA 2011\\&. Recommended if either of the\n"
+"# Microsoft keys is used as the official UEFI revocation database is signed with this\n"
+"# key\\&. The revocation database can be updated with B<fwupdmgr>(1)\\&.\n"
+"cat MicCorKEKCA2011_2011-06-24\\&.esl E<gt>E<gt>KEK\\&.esl\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+#, no-wrap
+msgid ""
+"attr=NON_VOLATILE,RUNTIME_ACCESS,BOOTSERVICE_ACCESS,TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n"
+"sbvarsign --attr ${attr} --key PK\\&.key --cert PK\\&.crt --output PK\\&.auth PK PK\\&.esl\n"
+"sbvarsign --attr ${attr} --key PK\\&.key --cert PK\\&.crt --output KEK\\&.auth KEK KEK\\&.esl\n"
+"sbvarsign --attr ${attr} --key KEK\\&.key --cert KEK\\&.crt --output db\\&.auth db db\\&.esl\n"
+msgstr ""
+
+#. type: Plain text
+#: debian-bookworm
+msgid ""
+"This feature is considered dangerous because even if all the required files "
+"are signed with the keys being loaded, some files necessary for the system "
+"to function properly still won\\*(Aqt be\\&. This is especially the case "
+"with Option ROMs (e\\&.g\\&. for storage controllers or graphics cards)\\&. "
+"See \\m[blue]B<Secure Boot and Option ROMs>\\m[]\\&\\s-2\\u[4]\\d\\s+2 for "
+"more details\\&."
+msgstr ""