From: Andrew Hamilton <adhamilt@gmail.com>
Date: Thu, 31 Oct 2024 00:24:53 +0000 (-0500)
Subject: docs: Correct chainloader UEFI secure boot info
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=097fd9d9a1f4e56281ee43b010c1bfe7d0b1ab79;p=thirdparty%2Fgrub.git

docs: Correct chainloader UEFI secure boot info

Correct documentation for UEFI secure boot to remove statement that
chainloader does not work with secure boot. This was fixed by the commit
6d05264 (kern/efi/sb: Add chainloaded image as shim's verifiable object).

Fixes: https://savannah.gnu.org/bugs/?62004

Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---

diff --git a/docs/grub.texi b/docs/grub.texi
index 62dace828..5dd4ed84f 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -8678,13 +8678,13 @@ secure boot chain.
 @node UEFI secure boot and shim
 @section UEFI secure boot and shim support
 
-The GRUB, except the @command{chainloader} command, works with the UEFI secure
-boot and the shim. This functionality is provided by the shim_lock verifier. It
-is built into the @file{core.img} and is registered if the UEFI secure boot is
-enabled. The @samp{shim_lock} variable is set to @samp{y} when shim_lock verifier
-is registered. If it is desired to use UEFI secure boot without shim, one can
-disable shim_lock by disabling shim verification with MokSbState UEFI variable
-or by building grub image with @samp{--disable-shim-lock} option.
+The GRUB works with UEFI secure boot and the shim. This functionality is
+provided by the shim_lock verifier. It is built into the @file{core.img} and is
+registered if the UEFI secure boot is enabled. The @samp{shim_lock} variable is
+set to @samp{y} when shim_lock verifier is registered. If it is desired to use
+UEFI secure boot without shim, one can disable shim_lock by disabling shim
+verification with MokSbState UEFI variable or by building grub image with
+@samp{--disable-shim-lock} option.
 
 All GRUB modules not stored in the @file{core.img}, OS kernels, ACPI tables,
 Device Trees, etc. have to be signed, e.g, using PGP. Additionally, the commands