# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-03-01 17:00+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: TH #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "LOADER\\&.CONF" msgstr "" #. type: TH #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "systemd 255" msgstr "" #. type: TH #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "loader.conf" msgstr "" #. ----------------------------------------------------------------- #. * MAIN CONTENT STARTS HERE * #. ----------------------------------------------------------------- #. type: SH #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "loader.conf - Configuration file for systemd-boot" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "SYNOPSIS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "I/loader/loader\\&.conf, I/loader/entries/*\\&.conf I/" "loader/entries/*\\&.conf" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "B(7) will read I/loader/loader\\&.conf, and any files " "with the \"\\&.conf\" extension under I/loader/entries/ on the EFI " "system partition (ESP), and I/loader/entries/ on the extended boot " "loader partition (XBOOTLDR) as defined by \\m[blue]B\\m[]\\&\\s-2\\u[1]\\d\\s+2\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Each of these configuration files must consist of series of newline (i\\&." "e\\&. ASCII code 10) separated lines, each consisting of an option name, " "followed by whitespace, and the option value\\&. \"#\" may be used to start " "a comment line\\&. Empty and comment lines are ignored\\&. The files use " "UTF-8 encoding\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Boolean arguments may be written as \"yes\"/\"y\"/\"true\"/\"t\"/\"on\"/" "\"1\" or \"no\"/\"n\"/\"false\"/\"f\"/\"off\"/\"0\"\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "OPTIONS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "The configuration options supported by I/loader/entries/*\\&.conf and " "I/loader/entries/*\\&.conf files are defined as part of the " "\\m[blue]B\\m[]\\&\\s-2\\u[1]\\d\\s+2\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "The following configuration are supported by the loader\\&.conf " "configuration file:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "default" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "A glob pattern to select the default entry\\&. The default entry may be " "changed in the boot menu itself, in which case the name of the selected " "entry will be stored as an EFI variable, overriding this option\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "If set to \"@saved\" the chosen entry will be saved as an EFI variable on " "every boot and automatically selected the next time the boot loader " "starts\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "B" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "Name" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "Description" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid ".T&" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "l l" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "l l." msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "auto-efi-default" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "EFI Default Loader" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "auto-efi-shell" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "EFI Shell" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "auto-osx" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "macOS" msgstr "" #. type: tbl table #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "auto-poweroff" msgstr "" #. type: tbl table #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "Power Off The System" msgstr "" #. type: tbl table #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "auto-reboot" msgstr "" #. type: tbl table #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "Reboot The System" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "auto-reboot-to-firmware-setup" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "Reboot Into Firmware Interface" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "auto-windows" msgstr "" #. type: tbl table #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "Windows Boot Manager" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Supported glob wildcard patterns are \"?\", \"*\", and " "\"[\\&...]\" (including ranges)\\&. Note that these patterns use the same " "syntax as B(7), but do not support all features\\&. In particular, set " "negation and named character classes are not supported\\&. The matching is " "done case-insensitively on the entry ID (as shown by B)\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "Added in version 239\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "timeout" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "How long the boot menu should be shown before the default entry is booted, " "in seconds\\&. This may be changed in the boot menu itself and will be " "stored as an EFI variable in that case, overriding this option\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "" "If set to \"menu-disabled\" or \"menu-hidden\" or \"0\" (the default), no " "menu is shown and the default entry will be booted immediately\\&. Unless " "\"menu-disabled\" is used, the menu can be shown by pressing and holding a " "key before systemd-boot is launched\\&. Setting this to \"menu-force\" " "disables the timeout while always showing the menu\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "console-mode" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "" "This option configures the resolution of the console\\&. This may be changed " "in the boot menu itself and will be stored as an EFI variable in that case, " "overriding this option\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "" "Takes a number or one of the special values listed below\\&. The following " "values may be used:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "0" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "Standard UEFI 80x25 mode" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "1" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "80x50 mode, not supported by all devices" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "2" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "the first non-standard mode provided by the device firmware, if any" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "auto" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "Pick a suitable mode automatically using heuristics" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "max" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "Pick the highest-numbered available mode" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "keep" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "Keep the mode selected by firmware (the default)" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "editor" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Takes a boolean argument\\&. Enable (the default) or disable the editor\\&. " "The editor should be disabled if the machine can be accessed by unauthorized " "persons\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "auto-entries" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Takes a boolean argument\\&. Enable (the default) or disable entries for " "other boot entries found on the boot partition\\&. In particular, this may " "be useful when loader entries are created to show replacement descriptions " "for those entries\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "auto-firmware" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "" "A boolean controlling the presence of the \"Reboot Into Firmware Interface\" " "entry (enabled by default)\\&. If this is disabled, the firmware interface " "may still be reached by using the f key\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "beep" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Takes a boolean argument\\&. If timeout enabled beep every second, otherwise " "beep n times when n-th entry in boot menu is selected (default disabled)\\&. " "Currently, only x86 is supported, where it uses the PC speaker\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "Added in version 251\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "secure-boot-enroll" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Danger: this feature might soft-brick your device if used improperly\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Controls enrollment of secure boot keys found on the ESP if the system is in " "setup mode:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "No action is taken\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "Added in version 253\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Boot entries for found secure boot keys are created that allow manual " "enrollment\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Same behavior as B, but will try to automatically enroll the key " "\"auto\" if it is considered to be safe\\&. Currently, this is only the case " "if the system is running inside a virtual machine\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Always enroll the \"auto\" key if found\\&. Note that a warning message with " "a timeout will still be shown if this operation is unknown to be safe\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "The different sets of variables can be set up under /loader/keys/I " "where I is the name that is going to be used as the name of the " "entry\\&. This allows one to ship multiple sets of Secure Boot variables and " "choose which one to enroll at runtime\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Supported Secure Boot variables are one database for authorized images, one " "for the key exchange key (KEK) and one for the platform key (PK)\\&. For " "more information, refer to the \\m[blue]B\\m[]\\&\\s-2\\u[2]\\d\\s+2, under Secure Boot and Driver " "Signing\\&. Another resource that describe the interplay of the different " "variables is the \\m[blue]B\\m[]\\&\\s-2\\u[3]\\d\\s+2\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "A complete set of UEFI variable includes db\\&.auth, KEK\\&.auth and PK\\&." "auth\\&. Note that these files need to be authenticated UEFI variables\\&. " "See below for an example of how to generate them from regular X\\&.509 " "keys\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "" "uuid=$(systemd-id128 new --uuid)\n" "for key in PK KEK db; do\n" " openssl req -new -x509 -subj \"/CN=${key}/\" -keyout \"${key}\\&.key\" -out \"${key}\\&.pem\"\n" " openssl x509 -outform DER -in \"${key}\\&.pem\" -out \"${key}\\&.der\"\n" " sbsiglist --owner \"${uuid}\" --type x509 --output \"${key}\\&.esl\" \"${key}\\&.der\"\n" "done\n" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "" "# See also: \\m[blue]B\\m[]\\&\\s-2\\u[4]\\d\\s+2\n" "curl --location \\e\n" " \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=321192\" -o ms-db-2011\\&.der \\e\n" " \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=321185\" -o ms-kek-2011\\&.der \\e\n" " \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=321194\" -o ms-uefi-db-2011\\&.der \\e\n" " \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=2239776\" -o ms-db-2023\\&.der \\e\n" " \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=2239775\" -o ms-kek-2023\\&.der \\e\n" " \"https://go\\&.microsoft\\&.com/fwlink/p/?linkid=2239872\" -o ms-uefi-db-2023\\&.der\n" "sha1sum -c EEEND\n" "580a6f4cc4e4b669b9ebdc1b2b3e087b80d0678d ms-db-2011\\&.der\n" "31590bfd89c9d74ed087dfac66334b3931254b30 ms-kek-2011\\&.der\n" "46def63b5ce61cf8ba0de2e6639c1019d0ed14f3 ms-uefi-db-2011\\&.der\n" "45a0fa32604773c82433c3b7d59e7466b3ac0c67 ms-db-2023\\&.der\n" "459ab6fb5e284d272d5e3e6abc8ed663829d632b ms-kek-2023\\&.der\n" "b5eeb4a6706048073f0ed296e7f580a790b59eaa ms-uefi-db-2023\\&.der\n" "END\n" "for key in ms-*\\&.der; do\n" " sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output \"${key%der}esl\" \"${key}\"\n" "done\n" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "" "# Optionally add Microsoft Windows certificates (needed to boot into Windows)\\&.\n" "cat ms-db-*\\&.esl EEdb\\&.esl\n" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "" "# Optionally add Microsoft UEFI certificates for firmware drivers / option ROMs and third-party\n" "# boot loaders (including shim)\\&. This is highly recommended on real hardware as not including this\n" "# may soft-brick your device (see next paragraph)\\&.\n" "cat ms-uefi-*\\&.esl EEdb\\&.esl\n" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "" "# Optionally add Microsoft KEK certificates\\&. Recommended if either of the Microsoft keys is used as\n" "# the official UEFI revocation database is signed with this key\\&. The revocation database can be\n" "# updated with B(1)\\&.\n" "cat ms-kek-*\\&.esl EEKEK\\&.esl\n" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid "" "attr=NON_VOLATILE,RUNTIME_ACCESS,BOOTSERVICE_ACCESS,TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n" "sbvarsign --attr \"${attr}\" --key PK\\&.key --cert PK\\&.pem --output PK\\&.auth PK PK\\&.esl\n" "sbvarsign --attr \"${attr}\" --key PK\\&.key --cert PK\\&.pem --output KEK\\&.auth KEK KEK\\&.esl\n" "sbvarsign --attr \"${attr}\" --key KEK\\&.key --cert KEK\\&.pem --output db\\&.auth db db\\&.esl\n" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "" "This feature is considered dangerous because even if all the required files " "are signed with the keys being loaded, some files necessary for the system " "to function properly still won\\*(Aqt be\\&. This is especially the case " "with Option ROMs (e\\&.g\\&. for storage controllers or graphics cards)\\&. " "See \\m[blue]B\\m[]\\&\\s-2\\u[5]\\d\\s+2 for " "more details\\&." msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "Added in version 252\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "reboot-for-bitlocker" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Caveat: This feature is experimental, and is likely to be changed (or " "removed in its current form) in a future version of systemd\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Work around BitLocker requiring a recovery key when the boot loader was " "updated (disabled by default)\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Try to detect BitLocker encrypted drives along with an active TPM\\&. If " "both are found and Windows Boot Manager is selected in the boot menu, set " "the \"BootNext\" EFI variable and restart the system\\&. The firmware will " "then start Windows Boot Manager directly, leaving the TPM PCRs in expected " "states so that Windows can unseal the encryption key\\&. This allows " "B(7) to be updated without having to provide the recovery key " "for BitLocker drive unlocking\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "Note that the PCRs that Windows uses can be configured with the \"Configure " "TPM platform validation profile for native UEFI firmware configurations\" " "group policy under \"Computer Configuration\\eAdministrative " "Templates\\eWindows Components\\eBitLocker Drive Encryption\"\\&. When " "Secure Boot is enabled, changing this to PCRs \"0,2,7,11\" should be " "safe\\&. The TPM key protector needs to be removed and then added back for " "the PCRs on an already encrypted drive to change\\&. If PCR 4 is not " "measured, this setting can be disabled to speed up booting into Windows\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "EXAMPLE" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "" "# /boot/efi/loader/loader\\&.conf\n" "timeout 0\n" "default 01234567890abcdef1234567890abdf0-*\n" "editor no\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "The menu will not be shown by default (the menu can still be shown by " "pressing and holding a key during boot)\\&. One of the entries with files " "with a name starting with \"01234567890abcdef1234567890abdf0-\" will be " "selected by default\\&. If more than one entry matches, the one with the " "highest priority will be selected (generally the one with the highest " "version number)\\&. The editor will be disabled, so it is not possible to " "alter the kernel command line\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "B(7), B(1)" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid "NOTES" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid " 1." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "Boot Loader Specification" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "\\%https://uapi-group.org/specifications/specs/boot_loader_specification" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid " 2." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "UEFI specification" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "\\%https://uefi.org/specifications" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid " 3." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "EDK2 documentation" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "" "\\%https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/" "secure_boot_chain_in_uefi/uefi_secure_boot" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable mageia-cauldron #, no-wrap msgid " 4." msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "Windows Secure Boot Key Creation and Management Guidance" msgstr "" #. type: Plain text #: archlinux debian-unstable mageia-cauldron msgid "" "\\%https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/" "windows-secure-boot-key-creation-and-management-guidance" msgstr "" #. type: IP #: archlinux debian-unstable mageia-cauldron #, no-wrap msgid " 5." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "Secure Boot and Option ROMs" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable mageia-cauldron msgid "\\%https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom" msgstr "" #. type: TH #: debian-bookworm #, no-wrap msgid "systemd 254" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "If set to \"menu-hidden\" or \"0\" (the default) no menu is shown and the " "default entry will be booted immediately\\&. The menu can be shown by " "pressing and holding a key before systemd-boot is launched\\&. Setting this " "to \"menu-force\" disables the timeout while always showing the menu\\&." msgstr "" #. type: Plain text #: debian-bookworm msgid "" "This option configures the resolution of the console\\&. Takes a number or " "one of the special values listed below\\&. The following values may be used:" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "A boolean controlling the presence of the \"Reboot into firmware\" entry " "(enabled by default)\\&. If this is disabled, the firmware interface may " "still be reached by using the f key\\&." msgstr "" #. type: Plain text #: debian-bookworm #, no-wrap msgid "" "uuid=$(systemd-id128 new --uuid)\n" "for key in PK KEK db; do\n" " openssl req -new -x509 -subj \"/CN=${key}/\" -keyout \"${key}\\&.key\" -out \"${key}\\&.crt\"\n" " openssl x509 -outform DER -in \"${key}\\&.crt\" -out \"${key}\\&.der\"\n" " sbsiglist --owner \"${uuid}\" --type x509 --output \"${key}\\&.esl\" \"${key}\\&.der\"\n" "done\n" msgstr "" #. type: Plain text #: debian-bookworm #, no-wrap msgid "" "for key in MicWinProPCA2011_2011-10-19\\&.crt MicCorUEFCA2011_2011-06-27\\&.crt MicCorKEKCA2011_2011-06-24\\&.crt; do\n" " curl \"https://www\\&.microsoft\\&.com/pkiops/certs/${key}\" --output \"${key}\"\n" " sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output \"${key%crt}esl\" \"${key}\"\n" "done\n" msgstr "" #. type: Plain text #: debian-bookworm #, no-wrap msgid "" "# Optionally add Microsoft Windows Production CA 2011 (needed to boot into Windows)\\&.\n" "cat MicWinProPCA2011_2011-10-19\\&.esl EEdb\\&.esl\n" msgstr "" #. type: Plain text #: debian-bookworm #, no-wrap msgid "" "# Optionally add Microsoft Corporation UEFI CA 2011 for firmware drivers / option ROMs\n" "# and third-party boot loaders (including shim)\\&. This is highly recommended on real\n" "# hardware as not including this may soft-brick your device (see next paragraph)\\&.\n" "cat MicCorUEFCA2011_2011-06-27\\&.esl EEdb\\&.esl\n" msgstr "" #. type: Plain text #: debian-bookworm #, no-wrap msgid "" "# Optionally add Microsoft Corporation KEK CA 2011\\&. Recommended if either of the\n" "# Microsoft keys is used as the official UEFI revocation database is signed with this\n" "# key\\&. The revocation database can be updated with B(1)\\&.\n" "cat MicCorKEKCA2011_2011-06-24\\&.esl EEKEK\\&.esl\n" msgstr "" #. type: Plain text #: debian-bookworm #, no-wrap msgid "" "attr=NON_VOLATILE,RUNTIME_ACCESS,BOOTSERVICE_ACCESS,TIME_BASED_AUTHENTICATED_WRITE_ACCESS\n" "sbvarsign --attr ${attr} --key PK\\&.key --cert PK\\&.crt --output PK\\&.auth PK PK\\&.esl\n" "sbvarsign --attr ${attr} --key PK\\&.key --cert PK\\&.crt --output KEK\\&.auth KEK KEK\\&.esl\n" "sbvarsign --attr ${attr} --key KEK\\&.key --cert KEK\\&.crt --output db\\&.auth db db\\&.esl\n" msgstr "" #. type: Plain text #: debian-bookworm msgid "" "This feature is considered dangerous because even if all the required files " "are signed with the keys being loaded, some files necessary for the system " "to function properly still won\\*(Aqt be\\&. This is especially the case " "with Option ROMs (e\\&.g\\&. for storage controllers or graphics cards)\\&. " "See \\m[blue]B\\m[]\\&\\s-2\\u[4]\\d\\s+2 for " "more details\\&." msgstr ""