Comment 12 for bug 1860531

------- Comment From <email address hidden> 2020-02-06 07:32 EDT-------
After testing, it seems to be that the behaviour of the settings need addl. fixes... Stay tuned.

------- Comment From <email address hidden> 2020-02-06 07:35 EDT-------
OK, to be more precise. You can have the secure= entry in any of the following places:

- in a configuration section:

Example:
[test]
target = /boot
image = /boot/image-test
parmfile = /boot/parmfile-test
secure = 1

- in the menu section:

Example:
:menu1
target = /boot
1 = linux
2 = test
default = 1
prompt = 1
timeout = 0
secure = 1

- in the defaultboot section with defaultauto
when NOT using a menu but generating an auto menu
(this can be seen as a replacement for the :menu section)

Example:
[defaultboot]
defaultauto
target = /boot
default = 1
secure = 1

You are right, the man page is misleading as it combines the [defaultboot] section containing a defaultmenu with the secure= entry. This does not work and we should fix the man page here.

I do not completely understand the following question:

> With multiple menus in zipl.conf: how does zipl -S work?

There is only one active menu in the zipl.conf

But nevertheless "zipl -S" should overwrite every setting from the zipl.conf regardless where secure= is specified.

Also combinations of the various places are possible. The most significant entry wins.
The expected significance of the different positions should be:

"zipl-S " > menu section or "defaultauto" section > configuration section

Hope this clarifies the situation a bit more.