docs: Document available crypto disks checks
Document the --cryptodisk-only argument. Also, document the "cryptocheck" command invoked when that argument is processed.

Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
parent 10d778c4b4
commit 23ec4535f4
@ -4475,6 +4475,8 @@ This module provides library support for writing to a storage disk.
|
||||
@node diskfilter_module
|
||||
@section diskfilter
|
||||
This module provides library support for reading a disk RAID array.
|
||||
It also provides support for the command @command{cryptocheck}.
|
||||
@xref{cryptocheck} for more information.
|
||||
|
||||
@node div_module
|
||||
@section div
|
||||
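Review bot: `@xref{cryptocheck} for more information.` in the diskfilter section has no comma after the closing brace, unlike the manual's existing usage visible in a later hunk header of this patch, `@xref{Using digital signatures}, for more information.` Suggest `@xref{cryptocheck}, for more information.` to match. The section also still describes the module only as support for "reading a disk RAID array", while the cryptocheck text added further down talks about logical volumes and physical volumes "like LVM2"; one clause here saying which diskfilter devices the command applies to would connect the two.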
@ -6427,6 +6429,7 @@ you forget a command, you can run the command @command{help}
|
||||
* configfile:: Load a configuration file
|
||||
* cpuid:: Check for CPU features
|
||||
* crc:: Compute or check CRC32 checksums
|
||||
* cryptocheck:: Check if a device is encrypted
|
||||
* cryptomount:: Mount a crypto device
|
||||
* cutmem:: Remove memory regions
|
||||
* date:: Display or set current date and time
|
||||
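Review bot: the menu summary "Check if a device is encrypted" is broader than what the @deffn added by this patch describes, which is checking whether a diskfilter device is backed by encrypted devices. Someone skimming the command list could take it for a general test of any device. Suggest wording the entry closer to the definition, for example "Check if a diskfilter device is backed by encrypted devices".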
@ -6737,6 +6740,16 @@ Alias for @code{hashsum --hash crc32 arg @dots{}}. See command @command{hashsum}
|
||||
(@pxref{hashsum}) for full description.
|
||||
@end deffn
|
||||
|
||||
@node cryptocheck
|
||||
@subsection cryptocheck
|
||||
|
||||
@deffn Command cryptocheck device
|
||||
Check if a given diskfilter device is backed by encrypted devices
|
||||
(@pxref{cryptomount} for additional information).
|
||||
|
||||
The command examines all backing devices, physical volumes, of a specified
|
||||
logical volume, like LVM2, and fails when at least one of them is unencrypted.
|
||||
@end deffn
|
||||
|
||||
@node cryptomount
|
||||
@subsection cryptomount
|
||||
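Review bot: the cryptocheck @deffn does not say what the command does when the argument is not a diskfilter device (a plain partition, or a crypto device itself), which matters because search --cryptodisk-only relies on it. Please state the result for that case next to the sentence "fails when at least one of them is unencrypted", so a script author knows whether success means "all backing devices are encrypted" or only "nothing unencrypted was found". Two wording points in the same block: "a specified logical volume, like LVM2" reads as if LVM2 were a logical volume, and "(@pxref{cryptomount} for additional information)" differs from the existing form just above it, "(@pxref{hashsum}) for full description."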
@ -7666,7 +7679,8 @@ unbootable. @xref{Using digital signatures}, for more information.
|
||||
|
||||
@deffn Command search @
|
||||
[@option{--file}|@option{--label}|@option{--fs-uuid}] @
|
||||
[@option{--set} [var]] [@option{--no-floppy}|@option{--efidisk-only}] name
|
||||
[@option{--set} [var]] [@option{--no-floppy}|@option{--efidisk-only}|@option{--cryptodisk-only}] @
|
||||
name
|
||||
Search devices by file (@option{-f}, @option{--file}), filesystem label
|
||||
(@option{-l}, @option{--label}), or filesystem UUID (@option{-u},
|
||||
@option{--fs-uuid}).
|
||||
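Review bot: in the search synopsis, `[@option{--no-floppy}|@option{--efidisk-only}|@option{--cryptodisk-only}]` presents the three options as mutually exclusive alternatives. If --cryptodisk-only can be combined with --no-floppy, it should get its own bracket group; if it cannot, the option description added later in this patch should say so, since nothing in the text states the restriction.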
@ -7681,6 +7695,14 @@ devices, which can be slow.
|
||||
The (@option{--efidisk-only}) option prevents searching any other devices then
|
||||
EFI disks. This is typically used when chainloading to local EFI partition.
|
||||
|
||||
The (@option{--cryptodisk-only}) option prevents searching any devices other
|
||||
than encrypted disks. This is typically used when booting from an encrypted
|
||||
file system to ensure that no code gets executed from an unencrypted device
|
||||
having the same filesystem UUID or label.
|
||||
|
||||
This option implicitly invokes the command @command{cryptocheck}, if it is
|
||||
available (@pxref{cryptocheck} for additional information).
|
||||
|
||||
The @samp{search.file}, @samp{search.fs_label}, and @samp{search.fs_uuid}
|
||||
commands are aliases for @samp{search --file}, @samp{search --label}, and
|
||||
@samp{search --fs-uuid} respectively.
|
||||
|
||||
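Review bot: "This option implicitly invokes the command @command{cryptocheck}, if it is available" leaves the unavailable case undocumented, and that is the case a reader securing an encrypted boot needs to know about. As written, the text does not say whether search then skips the backing-device check silently or rejects the device, so it is unclear whether the guarantee in the previous paragraph ("no code gets executed from an unencrypted device") still holds for a logical volume when cryptocheck is absent. Please state the behaviour, and name what makes the command available; the diskfilter hunk in this patch suggests it is the diskfilter module.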