Read a binary hash from the file hash_file
and add it to GRUB’s internal db list of trusted binary hashes. These
hashes are used to validate the Linux kernel/GRUB module binary hashes when the
environment variable check_appended_signatures
(see check_appended_signatures) is set to yes or the
append_verify (see append_verify) command is executed
from the GRUB console.
Here is an example of how to generate a SHA-256 hash for a file. The hash will be in binary format:
    # The vmlinux (kernel image) file is your binary file, and
    # it should be unsigned.
    #
    # Generate the binary_hash.bin file from the vmlinux file
    # using OpenSSL command

    openssl dgst -binary -sha256 -out binary_hash.bin vmlinux
See Using appended signatures in GRUB for more information.
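The following is an added example, not part of the GRUB manual: it generates the binary hash with the OpenSSL command shown above and then checks, before the file is handed to GRUB, that it is a raw 32-byte SHA-256 digest of the intended binary rather than hex text or a stale hash. The helper names make_binary_hash and check_binary_hash and the temporary stand-in file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the GRUB manual). Helper names are hypothetical.

# Write the raw SHA-256 digest of $1 to $2, using the command shown above.
make_binary_hash() {
    openssl dgst -binary -sha256 -out "$2" "$1"
}

# Return 0 only if $2 is the raw 32-byte SHA-256 digest of $1.
check_binary_hash() {
    hash_size=$(wc -c < "$2" | tr -d ' ')
    # A raw SHA-256 digest is exactly 32 bytes. Hex text (64 characters
    # plus a file name) is the usual mistake and is rejected here.
    if [ "$hash_size" -ne 32 ]; then
        echo "$2: $hash_size bytes, expected 32 (hex text instead of binary?)" >&2
        return 1
    fi
    # Recompute the digest and compare it with the hex-encoded file contents.
    expected=$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)
    actual=$(od -An -v -tx1 "$2" | tr -d ' \n')
    if [ "$expected" != "$actual" ]; then
        echo "$2 does not match the SHA-256 digest of $1" >&2
        return 1
    fi
    echo "$2: OK ($actual)"
}

# Demo on a constructed stand-in file (not a real kernel image).
demo_dir=$(mktemp -d)
printf 'constructed stand-in for an unsigned vmlinux\n' > "$demo_dir/vmlinux"
make_binary_hash "$demo_dir/vmlinux" "$demo_dir/binary_hash.bin"
check_binary_hash "$demo_dir/vmlinux" "$demo_dir/binary_hash.bin"
rm -rf "$demo_dir"
```

Running the check again immediately before the hash is enrolled also catches the case where the binary was rebuilt after the hash file was generated.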