mokutil/mokutil-check-secure-boot-support.patch

50 lines
1.2 KiB
Diff
Raw Normal View History

From e8899f1f26a77dfd870388156381489d53e5548c Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Mon, 24 Mar 2014 15:20:27 +0800
Subject: [PATCH] Check whether the system supports Secure Boot or not
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/mokutil.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/mokutil.c b/src/mokutil.c
index cd039f0..149df2b 100644
--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -2211,6 +2211,23 @@ main (int argc, char *argv[])
if (hash_file && use_root_pw)
command |= HELP;
+ if (!(command & HELP)) {
+ /* Check whether the machine supports Secure Boot or not */
+ efi_variable_t var;
+ efi_status_t status;
+
+ memset (&var, 0, sizeof(var));
+ var.VariableName = "SecureBoot";
+ var.VendorGuid = EFI_GLOBAL_VARIABLE;
+ status = read_variable (&var);
+ if (status != EFI_SUCCESS) {
+ fprintf (stderr, "This system doesn't support Secure Boot\n");
+ ret = -1;
+ goto out;
+ }
+ free (var.Data);
+ }
+
switch (command) {
case LIST_ENROLLED:
case LIST_ENROLLED | MOKX:
@@ -2331,6 +2348,7 @@ main (int argc, char *argv[])
break;
}
+out:
if (files) {
for (i = 0; i < total; i++)
free (files[i]);
--
1.8.4.5