trust
Command
Command
trust [--skip-sig] pubkey_file
Read public key from pubkey_file and add it to GRUB’s internal list of trusted public keys. These keys are used to validate digital signatures when environment variable check_signatures
is set to enforce
. Note that if check_signatures
is set to enforce
when trust
executes, then pubkey_file must itself be properly signed.
The --skip-sig
option can be used to disable signature-checking when reading pubkey_file itself. It is expected that --skip-sig
is useful for testing and manual booting.