# Configuration for secureboot kernel hook # Kernel command line to embed into UEFI image. # Value starting with "/" or "." will be interpreted as a path to a file that # contains kernel command line parameters (lines starting with "#" will be # stripped and newlines replaced with spaces). # # It should *not* contain an initrd= parameter! Example of a valid cmdline: # root=UUID= modules=ext4 # # Hook will be inactive until you set this parameter. cmdline= # Location of your UEFI kernel-signing key pair in PEM format. # You can generate it using efi-mkkeys package. #signing_cert="/etc/uefi-keys/db.crt" #signing_key="/etc/uefi-keys/db.key" # Set to "yes" to disable signing. This should be used for testing only! #signing_disabled=no # Use the specified OpenSSL engine(1) to load the private key. #openssl_engine= # Location of CPU microcode updates. Defaults to /boot/amd-ucode.img # or /boot/intel-ucode.img, if available. #microcode= # Location of splash image file. Use "/dev/null" to disable splash. #splash_image="/dev/null" # Absolute path to a directory on EFI System Partition where to put signed # UEFI image. #output_dir="/boot/efi/Alpine" # Name of the output UEFI image file. It can contain placeholders: # '{flavor}' will be replaced with the kernel flavor (e.g. "lts", "virt"), # '{version}' will be replaced with the kernel version (e.g. "5.10.51-0"). #output_name="linux-{flavor}.efi" # Whether to backup old signed UEFI image (appends ".bak" to the file name). #backup_old=yes # Kernel flavors to skip this hook for (e.g. "edge virt"). If empty, it runs # for all installed flavors. #skip_flavors= # Absolute path to the EFI Stub file to use. It can contain placeholders: # '{march}' will be replaced with the machine's architecture (e.g. "aa64", # "x64"). #efistub_file="/usr/lib/gummiboot/linux{march}.efi.stub"