diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/configuration/policy/route-map.rst | 4 | ||||
| -rw-r--r-- | docs/configuration/vrf/index.rst | 6 | ||||
| -rw-r--r-- | docs/installation/secure-boot.rst | 20 |
3 files changed, 23 insertions, 7 deletions
diff --git a/docs/configuration/policy/route-map.rst b/docs/configuration/policy/route-map.rst index 03cdb99b..a2313466 100644 --- a/docs/configuration/policy/route-map.rst +++ b/docs/configuration/policy/route-map.rst @@ -179,6 +179,10 @@ Route Map Match RPKI validation result. +.. cfgcmd:: set policy route-map <text> rule <1-65535> match source-vrf <text> + + Source VRF to match. + .. cfgcmd:: set policy route-map <text> rule <1-65535> match tag <1-65535> Route tag to match. diff --git a/docs/configuration/vrf/index.rst b/docs/configuration/vrf/index.rst index e9115458..9082e8d4 100644 --- a/docs/configuration/vrf/index.rst +++ b/docs/configuration/vrf/index.rst @@ -505,6 +505,12 @@ address-family. derived and should not be specified explicitly for either the source or destination VRF’s. +.. cfgcmd:: set vrf name <name> protocols bgp address-family + <ipv4-unicast|ipv6-unicast> route-map vrf import + [route-map <name>] + + Specifies an optional route-map to be applied to routes imported from VRFs. + .. cfgcmd:: set vrf name <name> protocols bgp interface <interface> mpls forwarding diff --git a/docs/installation/secure-boot.rst b/docs/installation/secure-boot.rst index 817ca663..b6685039 100644 --- a/docs/installation/secure-boot.rst +++ b/docs/installation/secure-boot.rst @@ -18,13 +18,19 @@ commands prior to your ISO image build: .. code-block:: bash cd vyos-build - openssl req -new -x509 -newkey rsa:4096 \ - -keyout data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.key \ - -out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \ - -outform DER -days 36500 -subj "/CN=MyMOK/" -nodes - openssl x509 -inform der \ - -in data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.der \ - -out data/live-build-config/includes.chroot/var/lib/shim-signed/mok/MOK.pem + CA_DIR="data/certificates" + SHIM_CERT_NAME="vyos-dev-2025-shim" + VYOS_KERNEL_CERT_NAME="vyos-dev-2025-linux" + + openssl req -new -x509 -newkey rsa:4096 -keyout ${CA_DIR}/${SHIM_CERT_NAME}.key -out ${CA_DIR}/${SHIM_CERT_NAME}.der \ + -outform DER -days 36500 -subj "/CN=VyOS Networks Secure Boot CA/" -nodes + openssl x509 -inform der -in ${CA_DIR}/${SHIM_CERT_NAME}.der -out ${CA_DIR}/${SHIM_CERT_NAME}.pem + + openssl req -newkey rsa:4096 -sha256 -nodes -keyout ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.key \ + -out ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.csr -outform PEM -days 3650 \ + -subj "/CN=VyOS Networks Secure Boot Signer 2025 - linux/" + openssl x509 -req -in ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.csr -CA ${CA_DIR}/${SHIM_CERT_NAME}.pem \ + -CAkey ${CA_DIR}/${SHIM_CERT_NAME}.key -CAcreateserial -out ${CA_DIR}/${VYOS_KERNEL_CERT_NAME}.pem -days 3650 -sha256 ************ Installation |