This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
cmd:imgverify [2012/03/24 23:50] mcb30 |
cmd:imgverify [2012/03/24 23:55] mcb30 |
||
---|---|---|---|
Line 31: | Line 31: | ||
iPXE> imgstat | iPXE> imgstat | ||
pxelinux.0 : 26672 bytes [PXE] [TRUSTED] [SELECTED] | pxelinux.0 : 26672 bytes [PXE] [TRUSTED] [SELECTED] | ||
- | |||
- | |||
===== Command status ===== | ===== Command status ===== | ||
Line 48: | Line 46: | ||
This command is available only when the build option ''[[:buildcfg:IMAGE_TRUST_CMD]]'' is enabled. | This command is available only when the build option ''[[:buildcfg:IMAGE_TRUST_CMD]]'' is enabled. | ||
+ | |||
+ | ===== Notes ===== | ||
+ | |||
+ | To gain any benefit from using digital signatures, you will probably want to use the ''[[:cmd:imgtrust]]'' command to ensure that only trusted images can be executed. | ||
+ | |||
+ | The signature file must be in DER format, and the certificate used to sign the code must possess the digitalSignature key usage extension and the codeSigning extended key usage extension. | ||
+ | |||
+ | The iPXE [[:crypto|cryptography guide]] contains instructions for creating a code-signing certificate and digital signatures. | ||