aports/main/secureboot-hook/secureboot.conf

# Configuration for secureboot kernel hook

# Kernel command line to embed into UEFI image.
# Value starting with "/" or "." will be interpreted as a path to a file that
# contains kernel command line parameters (lines starting with "#" will be
# stripped and newlines replaced with spaces).
#
# It should *not* contain an initrd= parameter! Example of a valid cmdline:
# root=UUID=<uuid-of-your-root-partition> modules=ext4
#
# Hook will be inactive until you set this parameter.
cmdline=

# Location of your UEFI kernel-signing key pair in PEM format.
# You can generate it using efi-mkkeys package.
#signing_cert="/etc/uefi-keys/db.crt"
#signing_key="/etc/uefi-keys/db.key"

# Set to "yes" to disable signing. This should be used for testing only!
#signing_disabled=no

# Use the specified OpenSSL engine(1) to load the private key.
#openssl_engine=

# Location of CPU microcode updates. Defaults to /boot/amd-ucode.img
# or /boot/intel-ucode.img, if available.
#microcode=

# Location of splash image file. Use "/dev/null" to disable splash.
#splash_image="/dev/null"

# Absolute path to a directory on EFI System Partition where to put signed
# UEFI image.
#output_dir="/boot/efi/Alpine"

# Name of the output UEFI image file. It can contain placeholders:
# '{flavor}' will be replaced with the kernel flavor (e.g. "lts", "virt"),
# '{version}' will be replaced with the kernel version (e.g. "5.10.51-0").
#output_name="linux-{flavor}.efi"

# Whether to backup old signed UEFI image (appends ".bak" to the file name).
#backup_old=yes

# Kernel flavors to skip this hook for (e.g. "edge virt"). If empty, it runs
# for all installed flavors.
#skip_flavors=

# Absolute path to the EFI Stub file to use. It can contain placeholders:
# '{march}' will be replaced with the machine's architecture (e.g. "aa64",
# "x64").
#efistub_file="/usr/lib/systemd/boot/efi/linux{march}.efi.stub"