man: follow our own naming rules more closely 36541/head
authorLennart Poettering <lennart@poettering.net>
Thu, 27 Feb 2025 09:07:36 +0000 (10:07 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 27 Feb 2025 09:08:50 +0000 (10:08 +0100)
In some examples we inserted "-initrd" after the "public-key" part of the
file name instead of before it when naming PEM files. Let's fix that, and
stick to common suffixes.

man/systemd-measure.xml
man/uki.conf.example
man/ukify.xml

index 77a293ac2e1a24373e86481798ab077eb54f04fd..014769f921796ef776934fd3c2ab9fcd427f9cfe 100644 (file)
@@ -369,9 +369,9 @@ $ ukify build \
       <programlisting>$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-private-key.pem
 .+........+.+........+.......+...+...+........+....+......+..+..........
 $ openssl rsa -pubout -in tpm2-pcr-private-key.pem -out tpm2-pcr-public-key.pem
-$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-private-key-initrd.pem
+$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out tpm2-pcr-initrd-private-key.pem
 ..+.......++........+........+......+........+....+.....+.+..+..........
-$ openssl rsa -pubout -in tpm2-pcr-private-key-initrd.pem -out tpm2-pcr-public-key-initrd.pem
+$ openssl rsa -pubout -in tpm2-pcr-initrd-private-key.pem -out tpm2-pcr-initrd-public-key.pem
 $ ukify build \
      --linux=vmlinux-1.2.3 \
      --initrd=initrd.cpio \
@@ -383,8 +383,8 @@ $ ukify build \
      --pcr-public-key=tpm2-pcr-public-key.pem \
      --phases=enter-initrd,enter-initrd:leave-initrd,enter-initrd:leave-initrd:sysinit,enter-initrd:leave-initrd:sysinit:ready \
      --pcr-banks=sha1,sha256 \
-     --pcr-private-key=tpm2-pcr-private-key-initrd.pem \
-     --pcr-public-key=tpm2-pcr-public-key-initrd.pem \
+     --pcr-private-key=tpm2-pcr-initrd-private-key.pem \
+     --pcr-public-key=tpm2-pcr-initrd-public-key.pem \
      --phases=enter-initrd \
      --uname=1.2.3 \
      --output=vmlinux-1.2.3.efi
@@ -398,8 +398,8 @@ $ ukify build \
 + /usr/lib/systemd/systemd-measure sign --linux=vmlinux-1.2.3 \
 --osrel=os-release.txt --cmdline=cmdline.txt --dtb=devicetree.dtb \
 --splash=splash.bmp --initrd=initrd.cpio --bank=sha1 --bank=sha256 \
---private-key=tpm2-pcr-private-key-initrd.pem \
---public-key=tpm2-pcr-public-key-initrd.pem \
+--private-key=tpm2-pcr-initrd-private-key.pem \
+--public-key=tpm2-pcr-initrd-public-key.pem \
 --phase=enter-initrd
 Wrote unsigned vmlinux-1.2.3.efi
 </programlisting>
@@ -414,7 +414,7 @@ Wrote unsigned vmlinux-1.2.3.efi
       by the first <option>--pcr-private-key=</option> option, covering all boot phases. The
       <literal>.pcrpkey</literal> section is used in the default policies of
       <command>systemd-cryptenroll</command> and <command>systemd-creds</command>. To use the stricter policy
-      bound to <filename>tpm2-pcr-public-key-initrd.pem</filename>, specify
+      bound to <filename>tpm2-pcr-initrd-public-key.pem</filename>, specify
       <option>--tpm2-public-key=</option> on the command line of those tools.</para>
     </example>
   </refsect1>
index f78c15fe7850d1bf455c5c745c0a2dbafae24fe8..59c54af4a72f8b132f7c9f566b9d4520fbbbe273 100644 (file)
@@ -4,8 +4,8 @@ SecureBootCertificate=/etc/kernel/secureboot-certificate.pem
 
 [PCRSignature:initrd]
 Phases=enter-initrd
-PCRPrivateKey=/etc/systemd/tpm2-pcr-private-key-initrd.pem
-PCRPublicKey=/etc/systemd/tpm2-pcr-public-key-initrd.pem
+PCRPrivateKey=/etc/systemd/tpm2-pcr-initrd-private-key.pem
+PCRPublicKey=/etc/systemd/tpm2-pcr-initrd-public-key.pem
 
 [PCRSignature:system]
 Phases=enter-initrd:leave-initrd enter-initrd:leave-initrd:sysinit
index a0e58ab693bca12aac6f738ca04dd0ccf5970577..987f9f7b0f1b3780e54fe8ca090771ee6c5c42bb 100644 (file)
       --initrd=/some/path/initramfs-6.0.9-300.fc37.x86_64.img \
       --sbat='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
       uki.author.myimage,1,UKI for System,uki.author.myimage,1,https://uapi-group.org/specifications/specs/unified_kernel_image/' \
-      --pcr-private-key=tpm2-pcr-private-key-initrd.pem \
-      --pcr-public-key=tpm2-pcr-public-key-initrd.pem \
+      --pcr-private-key=tpm2-pcr-initrd-private-key.pem \
+      --pcr-public-key=tpm2-pcr-initrd-public-key.pem \
       --phases='enter-initrd' \
       --pcr-private-key=tpm2-pcr-private-key-system.pem \
       --pcr-public-key=tpm2-pcr-public-key-system.pem \
       and <filename index='false'>initramfs-6.0.9-300.fc37.x86_64.img</filename>.
       The policy embedded in the <literal>.pcrsig</literal> section will be signed for the initrd (the
       <constant>enter-initrd</constant> phase) with the key
-      <filename index='false'>tpm2-pcr-private-key-initrd.pem</filename>, and for the main system (phases
+      <filename index='false'>tpm2-pcr-initrd-private-key.pem</filename>, and for the main system (phases
       <constant>leave-initrd</constant>, <constant>sysinit</constant>, <constant>ready</constant>) with the
       key <filename index='false'>tpm2-pcr-private-key-system.pem</filename>. The Linux binary and the resulting
       combined image will be signed with the SecureBoot key <filename index='false'>secureboot-private-key.pem</filename>.</para>
@@ -761,8 +761,8 @@ SignKernel=yes
 PCRBanks=sha384,sha512
 
 [PCRSignature:initrd]
-PCRPrivateKey=tpm2-pcr-private-key-initrd.pem
-PCRPublicKey=tpm2-pcr-public-key-initrd.pem
+PCRPrivateKey=tpm2-pcr-initrd-private-key.pem
+PCRPublicKey=tpm2-pcr-initrd-public-key.pem
 Phases=enter-initrd
 
 [PCRSignature:system]
@@ -811,8 +811,8 @@ $ ukify -c ukify.conf build \
       <programlisting># ukify genkey --config=/etc/kernel/uki.conf
 Writing SecureBoot private key to /etc/kernel/secureboot-private-key.pem
 Writing SecureBoot certificate to /etc/kernel/secureboot-certificate.pem
-Writing private key for PCR signing to /etc/systemd/tpm2-pcr-private-key-initrd.pem
-Writing public key for PCR signing to /etc/systemd/tpm2-pcr-public-key-initrd.pem
+Writing private key for PCR signing to /etc/systemd/tpm2-pcr-initrd-private-key.pem
+Writing public key for PCR signing to /etc/systemd/tpm2-pcr-initrd-public-key.pem
 Writing private key for PCR signing to /etc/systemd/tpm2-pcr-private-key-system.pem
 Writing public key for PCR signing to /etc/systemd/tpm2-pcr-public-key-system.pem
 </programlisting>
@@ -881,7 +881,7 @@ ID=factory-reset' \
       --linux=/lib/modules/6.0.9-300.fc37.x86_64/vmlinuz \
       --initrd=/some/path/initramfs-6.0.9-300.fc37.x86_64.img \
       --cmdline='quiet rw' \
-      --pcr-public-key=tpm2-pcr-public-key-initrd.pem \
+      --pcr-public-key=tpm2-pcr-initrd-public-key.pem \
       --policy-digest \
       --json=short \
       --output=base.efi >base.pcrs