-- Command: verify_detached ['--skip-sig'] file signature_file
Verifies a GPG-style detached signature, where the signed file is
FILE, and the signature itself is in file SIGNATURE_FILE.
Optionally, a specific public key to use can be specified using
PUBKEY_FILE. When environment variable 'check_signatures' is set
to 'enforce', then PUBKEY_FILE must itself be properly signed by an
already-trusted key. An unsigned PUBKEY_FILE can be loaded by
specifying '--skip-sig'. If PUBKEY_FILE is omitted, then public
keys from GRUB's trusted keys (⇒list_trusted, ⇒trust,
and ⇒distrust) are tried.
Exit code '$?' is set to 0 if the signature validates successfully.
If validation fails, it is set to a non-zero value. ⇒Using
digital signatures, for more information.