blob: 28b7154fda3a83716f705db3bf96243b9e8a6ed0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
###############################
# nannycam configuration file
#
# (this is an ash-shell snippet)
################################
# The authentication key is what is used to prove
# that the encrypted boot partition has not been
# completely replaced with one created by the attacker
# Where to store the file in the initramfs
AUTH_KEY_FILE=/boot_partition_auth.pem
# RSA key size, in bits
# Note: The size of the key determines the size of the
# signature. The size of the signature determines the
# size of the QR code that will be printed to the terminal.
# Pick the largest key size that fits on your monitor
AUTH_KEY_LENGTH=4096
# Options to pass to QR encoder
# Use these in case your terminal can't output UTF8 or
# you need to fiddle with the settings to make the QR
# code fit on your screen
QR_OPTS="-t ANSIUTF8 -m 1"
# Hashes of important boot programs
# The hashing algorithm to use
HASH_ALG=sha256
# Expected hash values
# Note: These are calculated for you each time mkinitcpio
# runs. The only time you would want to uncomment these is
# if the logic in the install hook incorrectly detects your
# configuration and you want to override the logic.
# The hash of the MBR
# (first 512 bytes of disk housing partition with boot flag set)
# EXPECTED_MBR_HASH=
# The hash of the Post-MBR Gap
# (bytes from the end of the MBR to the start of the first partition)
# EXPECTED_MBR_GAP_HASH=
# The hash of the EFI stub used to boot
# (hash of the file invoked by the UEFI firmware, likely /EFI/grub/grubx64.efi)
# Note: Only checked when booting via UEFI
# Note: MBR and Post MBR Gap are still checked when booting via UEFI
# EXPECTED_EFI_STUB_HASH=
|