From eeb229345cad0b36bc25e2a04ff6c83815045c3f Mon Sep 17 00:00:00 2001 From: Ron Stone Date: Wed, 7 Jun 2023 16:58:24 +0000 Subject: [PATCH] Extract Secure Boot Cert from ISO (dsR8,dsR7,dsR6,r5) Add include placeholder for DS addition. Signed-off-by: Ron Stone Change-Id: I73514b347868e5a7b0b14caec79c58c342fb7055 --- ...act-certificate-from-iso-181be684e2e5.rest | 23 +++++++++++++++++++ .../kubernetes/use-uefi-secure-boot.rst | 6 ++++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 doc/source/_includes/extract-certificate-from-iso-181be684e2e5.rest diff --git a/doc/source/_includes/extract-certificate-from-iso-181be684e2e5.rest b/doc/source/_includes/extract-certificate-from-iso-181be684e2e5.rest new file mode 100644 index 000000000..b8b22c1a3 --- /dev/null +++ b/doc/source/_includes/extract-certificate-from-iso-181be684e2e5.rest @@ -0,0 +1,23 @@ + +.. If this file will contain only one text fragment, delete the ".. begin-" and + ".. end-" comments below and simply include your rST content. + +.. If this file will include more than one text fragment, replace + with a string describing the fragment. This string must be unique and contain + no spaces. Comments must match for each fragment, for example: + .. begin-source-env-note + .. end-source-env-note + Repeat this pattern for each fragment in the file. + +.. This file should be saved to the doc/source/_include directory of your project. + +.. For more information on including content fragments, see: + https://docutils.sourceforge.io/docs/ref/rst/directives.html#include + +.. begin- + +.. content here + +.. end- + + diff --git a/doc/source/security/kubernetes/use-uefi-secure-boot.rst b/doc/source/security/kubernetes/use-uefi-secure-boot.rst index 5ed408e5c..d6a3debec 100644 --- a/doc/source/security/kubernetes/use-uefi-secure-boot.rst +++ b/doc/source/security/kubernetes/use-uefi-secure-boot.rst @@ -9,7 +9,7 @@ Use UEFI Secure Boot Secure Boot is supported in |UEFI| installations only. It is not used when booting |prod| as a legacy boot target. -|prod| currently does not support switching from legacy to UEFI mode after a +|prod| currently does not support switching from legacy to |UEFI| mode after a system has been installed. Doing so requires a reinstall of the system. This also means that upgrading from a legacy install to a secure boot install \(UEFI) is not supported. @@ -45,6 +45,10 @@ For example, a controller node may secure boot, while a worker node may not. Secure boot must be enabled in the |UEFI| firmware of each node for that node to be protected by secure boot. +.. only:: partner + + .. include:: /_includes/extract-certificate-from-iso-181be684e2e5.rest + .. only:: starlingx --------------------------------------------------------------