I'm having trouble getting grub-mkstandalone to recognise the public key passed in via --pubkey
According to the documentation, adding --pubkey to grub-mkimage should imply check_signatures=enforce but this doesn't seem to happen for grub-mkstandalone. (or does it?). The documentation doesn't mention what format the public key file should be. So I've tried both gpg --export and and gpg --export --armor. However when I try the command "list_trusted", I get no results and attempting to cat a signed file results in an error saying the public key could not be found. I'm currently invoking with: grub-mkstandalone --output=../build/grub/EFI/BOOT/BOOTX64.EFI --format=x86_64-efi --pubkey=../artefacts/grub.pgp boot/grub/grub.cfg=./grub.cfg Any suggestions on what I'm missing?
