[isar-cip-core][PATCH 19/19] doc: README.secureboot polishing

From: Jan Kiszka <jan.kiszka@siemens.com>
To: cip-dev@lists.cip-project.org
Cc: Quirin Gylstorff <quirin.gylstorff@siemens.com>,
	Christian Storm <christian.storm@siemens.com>
Subject: [isar-cip-core][PATCH 19/19] doc: README.secureboot polishing
Date: Wed, 13 Apr 2022 09:16:36 +0200	[thread overview]
Message-ID: <ad6cc6be1bd0d6703e8cc52a61c5a7a929605a48.1649834193.git.jan.kiszka@siemens.com> (raw)
In-Reply-To: <cover.1649834193.git.jan.kiszka@siemens.com>

From: Jan Kiszka <jan.kiszka@siemens.com>

There has never been a uefikernel parameter for efibootguard-boot, so
drop this.

Furthermore, spell-out "EFI Boot Guard" and adjust some section levels
and titles.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
 doc/README.secureboot.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/doc/README.secureboot.md b/doc/README.secureboot.md
index 3c2d524..b2d7be9 100644
--- a/doc/README.secureboot.md
+++ b/doc/README.secureboot.md
@@ -1,11 +1,11 @@
-# Efibootguard Secure boot
+# EFI Boot Guard secure boot
 
 This document describes how to generate a secure boot capable image with
 [efibootguard](https://github.com/siemens/efibootguard).
 
 ## Description
 
-The image build signs the efibootguard bootloader (bootx64.efi) and generates
+The image build signs the EFI Boot Guard bootloader (bootx64.efi) and generates
 a signed [unified kernel image](https://systemd.io/BOOT_LOADER_SPECIFICATION/).
 A unified kernel image packs the kernel, initramfs and the kernel command-line
 in one binary object. As the kernel command-line is immutable after the build
@@ -19,12 +19,12 @@ If a match is found the rootfs is used for the boot.
 
 ## Adaptation for Images
 
-###  WIC
+### WIC
 The following elements must be present in a wks file to create a secure boot capable image.
 
 ```
 part --source efibootguard-efi  --sourceparams "signwith=<script or executable to sign the image>"
-part --source efibootguard-boot --sourceparams "uefikernel=<name of the unified kernel>,signwith=<script or executable to sign the image>"
+part --source efibootguard-boot --sourceparams "signwith=<script or executable to sign the image>"
 ```
 
 #### Script or executable to sign the image
@@ -43,7 +43,6 @@ executable or script with the following interface:
 Supply the script name and path to wic by adding
 `signwith=<path and name of the script to sign>"` to sourceparams of the partition.
 
-
 ### Existing packages to sign an image
 
 #### ebg-secure-boot-snakeoil
@@ -63,7 +62,7 @@ The following variable and steps are necessary to build a secure boot capable im
 
 The files referred by SB_CERTDB and SB_VERIFY_CERT must be store in  `recipes-devtools/ebg-secure-boot-secrets/files/`
 
-## QEMU
+## Running in QEMU
 
 Set up a secure boot test environment with [QEMU](https://www.qemu.org/)
 
@@ -138,7 +137,7 @@ scripts/start-efishell.sh secureboot-tools
 
 ### Build image
 
-Build the image with a signed efibootguard and unified kernel image
+Build the image with a signed EFI Boot Guard and unified kernel image
 with the snakeoil keys by executing:
 
 ```
@@ -202,7 +201,8 @@ OVMF_CODE=./build/tmp/deploy/images/qemu-amd64/OVMF/OVMF_CODE_4M.secboot.fd \
 OVMF_VARS=<path to the modified OVMF_VARS.fd> \
 ./start-qemu.sh amd64
 ```
-# Example: Update the image
+
+## Example: Update the image
 
 For updating the image, the following steps are necessary:
 - [Build the image with snakeoil keys](### Build image)
-- 
2.34.1


