grub: trust
16.3.76 trust
-------------
-- Command: trust [--skip-sig] pubkey_file
Read public key from PUBKEY_FILE and add it to GRUB's internal list
of trusted public keys. These keys are used to validate digital
signatures when environment variable 'check_signatures' is set to
'enforce'. Note that if 'check_signatures' is set to 'enforce'
when 'trust' executes, then PUBKEY_FILE must itself be properly
signed. The '--skip-sig' option can be used to disable
signature-checking when reading PUBKEY_FILE itself. It is expected
that '--skip-sig' is useful for testing and manual booting. ⇒
Using digital signatures, for more information.