From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 6 Dec 2023 09:26:05 +0000 (+0100)
Subject: docs: Mention how to provide your own key and certificate
X-Git-Tag: v20~110
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ac94758bb781b7cbb5c8a5f586b3716d1cc2d2b;p=thirdparty%2Fmkosi.git

docs: Mention how to provide your own key and certificate
---

diff --git a/docs/sysext.md b/docs/sysext.md
index 8b16d9be9..99d277241 100644
--- a/docs/sysext.md
+++ b/docs/sysext.md
@@ -103,9 +103,11 @@ VerityMatchKey=root
 ```
 
 Of course we can't sign anything without a key, so let's generate one
-with `mkosi genkey`. Note that this key will need to be loaded into your
-kernel keyring either at build time or via MOK for systemd to accept the
-system extension at runtime as trusted.
+with `mkosi genkey` (or write your own private key and certificate
+yourself to `mkosi.key` and `mkosi.crt` respectively). Note that this
+key will need to be loaded into your kernel keyring either at build time
+or via MOK for systemd to accept the system extension at runtime as
+trusted.
 
 Finally, you build the base image and the extensions by running
 `mkosi -f`. You'll find `btrfs.raw` in `mkosi.output` which is the