grub2: verify_detached
16.3.77 verify_detached
-----------------------
-- Command: verify_detached ['--skip-sig'] file signature_file
[pubkey_file]
Verifies a GPG-style detached signature, where the signed file is
FILE, and the signature itself is in file SIGNATURE_FILE.
Optionally, a specific public key to use can be specified using
PUBKEY_FILE. When environment variable 'check_signatures' is set
to 'enforce', then PUBKEY_FILE must itself be properly signed by an
already-trusted key. An unsigned PUBKEY_FILE can be loaded by
specifying '--skip-sig'. If PUBKEY_FILE is omitted, then public
keys from GRUB's trusted keys (list_trusted, trust,
and distrust) are tried.
Exit code '$?' is set to 0 if the signature validates successfully.
If validation fails, it is set to a non-zero value. Using
digital signatures, for more information.