Skip to content

Commit 248908d

Browse files
nl6720jelly
nl6720
authored and
jelly
committed
archlinux.ipxe: Turn on OpenSSL CMS signature varification for root file system
See https://gitlab.archlinux.org/mkinitcpio/mkinitcpio-archiso/-/merge_requests/24 for details. After there have been at least three releases with OpenSSL signed netboot artifacts, the GPG-based verification option "verify=y" can be removed.
1 parent 50e0cf7 commit 248908d

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

templates/releng/archlinux.ipxe

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -132,7 +132,7 @@ initrd ${mirrorurl}iso/${release}/arch/boot/intel-ucode.img || goto failed_downl
132132
imgverify intel-ucode.img ${mirrorurl}iso/${release}/arch/boot/intel-ucode.img.ipxe.sig || goto failed_verify
133133
initrd ${mirrorurl}iso/${release}/arch/boot/x86_64/initramfs-linux.img || goto failed_download
134134
imgverify initramfs-linux.img ${mirrorurl}iso/${release}/arch/boot/x86_64/initramfs-linux.img.ipxe.sig || goto failed_verify
135-
imgargs vmlinuz-linux initrd=amd-ucode.img initrd=intel-ucode.img initrd=initramfs-linux.img archiso_http_srv=${mirrorurl}iso/${release}/ archisobasedir=arch verify=y ${extrabootoptions}
135+
imgargs vmlinuz-linux initrd=amd-ucode.img initrd=intel-ucode.img initrd=initramfs-linux.img archiso_http_srv=${mirrorurl}iso/${release}/ archisobasedir=arch verify=y cms_verify=y ${extrabootoptions}
136136
boot || goto failed_boot
137137

138138
:failed_download

0 commit comments

Comments
 (0)