###############################
# nannycam configuration file
#
# (this is an ash-shell snippet)
################################

# The authentication key is what is used to prove
# that the encrypted boot partition has not been
# completely replaced with one created by the attacker

# Where to store the file in the initramfs
AUTH_KEY_FILE=/boot_partition_auth.pem

# RSA key size, in bits
# Note: The size of the key determines the size of the
# signature. The size of the signature determines the
# size of the QR code that will be printed to the terminal.
# Pick the largest key size that fits on your monitor
AUTH_KEY_LENGTH=4096

# Options to pass to QR encoder
# Use these in case your terminal can't output UTF8 or
# you need to fiddle with the settings to make the QR
# code fit on your screen
QR_OPTS="-t ANSIUTF8 -m 1"

# Hashes of important boot programs

# The hashing algorithm to use
HASH_ALG=sha256

# Expected hash values
# Note: These are calculated for you each time mkinitcpio
# runs. The only time you would want to uncomment these is
# if the logic in the install hook incorrectly detects your
# configuration and you want to override the logic.

# The hash of the MBR 
# (first 512 bytes of disk housing partition with boot flag set)
# EXPECTED_MBR_HASH=

# The hash of the Post-MBR Gap
# (bytes from the end of the MBR to the start of the first partition)
# EXPECTED_MBR_GAP_HASH=

# The hash of the EFI stub used to boot
# (hash of the file invoked by the UEFI firmware, likely /EFI/grub/grubx64.efi)
# Note: Only checked when booting via UEFI
# Note: MBR and Post MBR Gap are still checked when booting via UEFI
# EXPECTED_EFI_STUB_HASH=