Document the use of kairos.pull_datasources cmdline option

Part of kairos-io/kairos#3032

Signed-off-by: Dimitris Karakasilis <[email protected]>

Author: jimmykarily

Diff for: content/en/docs/Installation/automated.md

@@ -69,6 +69,10 @@ $ mkisofs -output ci.iso -volid cidata -joliet -rock user-data meta-data
 
 Once the ISO is created, you can attach it to your machine and boot up as usual, along with the Kairos ISO.
 
+{{% alert color="info" %}}
+For security reasons, when Kairos is installed in [trusted boot mode]({{< relref "../Installation/trustedboot.md" >}}), datasources are not parsed after installation. This prevents someone from plugging a usb stick on an edge device, applying arbitrary configuration to the system post-installation. To force parsing of the datasources after installation, you can set add the `kairos.pull_datasources` option to the cmdline. This requires extending the cmdline when building the installation medium with Auroraboot ([read more]({{< relref "../Installation/trustedboot.md#additional-efi-entries" >}}).
+{{% /alert %}}
+
 ## Via config URL
 
 Another way to supply your Kairos configuration file is to specify a URL as a boot argument during startup. To do this, add `config_url=<URL>` as a boot argument. This will allow the machine to download your configuration from the specified URL and perform the installation using the provided settings.