superusers controls both CLI and editing. Also explicitly mention that
empty superusers disables them.
"Access to menuentry" is a bit vague - change to "execute menuentry"
to make it obvious what access is granted.
From RFC1542:

   The 'giaddr' field is rather poorly named. It exists to facilitate
   the transfer of BOOTREQUEST messages from a client, through BOOTP
   relay agents, to servers on different networks than the client.
   Similarly, it facilitates the delivery of BOOTREPLY messages from the
   servers, through BOOTP relay agents, back to the client. In no case
   does it represent a general IP router to be used by the client. A
   BOOTP client MUST set the 'giaddr' field to zero (0.0.0.0) in all
   BOOTREQUEST messages it generates.

   A BOOTP client MUST NOT interpret the 'giaddr' field of a BOOTREPLY
   message to be the IP address of an IP router. A BOOTP client SHOULD
   completely ignore the contents of the 'giaddr' field in BOOTREPLY
   messages.

Leave code ifdef'd out for the time being in case we see regression.
Suggested by: Rink Springer <rink@rink.nu>
Closes: 43396
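
The client-side rule quoted from RFC 1542 above, shown as an added example in C (not GRUB's code and not part of the commit): the request path zeroes 'giaddr', and the reply path takes the gateway only from the Router option (code 3, RFC 2132) and never reads 'giaddr'. The function names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#define BOOTP_FIXED_LEN 236  /* op..file: fixed BOOTP header */
#define OFF_GIADDR      24   /* relay agent address, not a router */
#define OPT_ROUTER      3    /* Router option (RFC 2132) */
static const uint8_t magic[4] = { 99, 130, 83, 99 };

/* Outgoing BOOTREQUEST: giaddr MUST be 0.0.0.0. */
int bootp_prepare_request(uint8_t *pkt, size_t len)
{
    if (len < BOOTP_FIXED_LEN) return -1;
    pkt[0] = 1;                          /* op = BOOTREQUEST */
    memset(pkt + OFF_GIADDR, 0, 4);
    return 0;
}

/* 1: gw set from Router option, 0: none offered, -1: malformed. Never reads giaddr. */
int bootp_reply_gateway(const uint8_t *pkt, size_t len, uint8_t gw[4])
{
    size_t i = BOOTP_FIXED_LEN + 4;
    if (len < i || pkt[0] != 2 || memcmp(pkt + BOOTP_FIXED_LEN, magic, 4))
        return -1;
    while (i < len) {
        uint8_t code = pkt[i++], olen;
        if (code == 0) continue;         /* pad */
        if (code == 255) return 0;       /* end */
        if (i >= len) return -1;
        olen = pkt[i++];
        if (olen > len - i) return -1;   /* option overruns packet */
        if (code == OPT_ROUTER) {
            if (olen < 4 || olen % 4) return -1;
            memcpy(gw, pkt + i, 4);      /* first listed router */
            return 1;
        }
        i += olen;
    }
    return 0;
}

/* Constructed sample BOOTREPLY: relayed via 10.0.0.254, router 192.0.2.1. */
size_t make_sample_reply(uint8_t *pkt)
{
    static const uint8_t tail[] = { 99, 130, 83, 99, 3, 4, 192, 0, 2, 1, 255 };
    memset(pkt, 0, BOOTP_FIXED_LEN);
    pkt[0] = 2;                          /* op = BOOTREPLY */
    pkt[OFF_GIADDR] = 10; pkt[OFF_GIADDR + 3] = 254;
    memcpy(pkt + BOOTP_FIXED_LEN, tail, sizeof tail);
    return BOOTP_FIXED_LEN + sizeof tail;
}
```
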
* docs/grub-dev.texi (Font Metrics): Exclude @image command from DVI
builds, since we don't have an EPS version of font_char_metrics.png.
Add leading dot to image extension per the Texinfo documentation.
Add a new timeout_style environment variable and a corresponding
GRUB_TIMEOUT_STYLE configuration key for grub-mkconfig. This
controls hidden-timeout handling more simply than the previous
arrangements, and pressing any hotkeys associated with menu entries
during the hidden timeout will now boot the corresponding menu entry
immediately.
GRUB_HIDDEN_TIMEOUT=<non-empty> + GRUB_TIMEOUT=<non-zero> now
generates a warning, and if it shows the menu it will do so as if
the second timeout were not present. Other combinations are
translated into reasonable equivalents.
Remove reference to grub-default from description of saved default entry.
Also mention that GRUB_DEFAULT=saved depends on availability of environment
block.
[v0] Accepted with modifications by phcoder@
[v1] Introduce subsections within Security
[v1] Correct errors regarding public key files not being automatically signature-checked in trust and verify_detached
[v1] Replace check_signatures=enforce with check_signatures set to enforce
[v1] Move detailed discussion of using signatures out of check_signatures environment variable description
[v1] Use long form for option flags to security-relevant commands
[v2] Explain the key fingerprint format for distrust and list_trusted.
[v2] Eliminates references to grub-mkimage and UEFI Secure Boot.
[v3] Updates in response to addition of --skip-sig to trust and verify_detached
[ ] Restore @xref for cross-references at the start of sentences