ukify: merge .sbat sections from stub and kernel

If the kernel contains a .sbat section (they should start soon) then merge it with the stub's so that revocations can apply to either component. Fixes https://github.com/systemd/systemd/issues/27866
author: Luca Boccassi <bluca@debian.org> 2023-06-29 02:05:36 +0200
committer: Luca Boccassi <bluca@debian.org> 2023-06-30 18:17:56 +0200
commit: c3f7501c4d014482b17988d5aed1d88127a50b6e (patch)
tree: 966fad958625ce564c2e8a297ad368fa56298796 /man/ukify.xml
parent: core: reorder systemd arguments on reexec (diff)
download: systemd-c3f7501c4d014482b17988d5aed1d88127a50b6e.tar.xz
systemd-c3f7501c4d014482b17988d5aed1d88127a50b6e.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/man/ukify.xml b/man/ukify.xml
index 44fb3a5237..31e54c473a 100644
--- a/man/ukify.xml
+++ b/man/ukify.xml
@@ -98,6 +98,12 @@
       discussion of automatic enrollment in
       <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
       </para>
+
+      <para>If the stub and/or the kernel contain <literal>.sbat</literal> sections they will be merged in
+      the UKI so that revocation updates affecting either are considered when the UKI is loaded by Shim. For
+      more information on SBAT see
+      <ulink url="https://github.com/rhboot/shim/blob/main/SBAT.md">Shim's documentation.</ulink>
+      </para>
     </refsect2>
 
     <refsect2>
author	Luca Boccassi <bluca@debian.org>	2023-06-29 02:05:36 +0200
committer	Luca Boccassi <bluca@debian.org>	2023-06-30 18:17:56 +0200
commit	c3f7501c4d014482b17988d5aed1d88127a50b6e (patch)
tree	966fad958625ce564c2e8a297ad368fa56298796 /man/ukify.xml
parent	core: reorder systemd arguments on reexec (diff)
download	systemd-c3f7501c4d014482b17988d5aed1d88127a50b6e.tar.xz systemd-c3f7501c4d014482b17988d5aed1d88127a50b6e.zip