Accepting request 1002927 from home:KHanich:branches:devel:openSUSE:Factory
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) OBS-URL: https://build.opensuse.org/request/show/1002927 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=192
This commit is contained in:
parent
a379c7b18b
commit
2386bd59cb
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 12 12:30:54 UTC 2022 - Kilian Hanich <khanich.opensource@gmx.de>
|
||||
|
||||
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
|
||||
(bsc#1201066)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 5 05:25:16 UTC 2022 - Joey Lee <jlee@suse.com>
|
||||
|
||||
|
@ -306,9 +306,13 @@ is_efi () {
|
||||
return $rc
|
||||
}
|
||||
# run mokutil for setting sbat policy to latest mode
|
||||
SBAT_POLICY=/sys/firmware/efi/efivars/SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23
|
||||
EFIVARFS=/sys/firmware/efi/efivars
|
||||
SBAT_POLICY="$EFIVARFS/SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23"
|
||||
if is_efi; then
|
||||
if [ ! -f "$SBAT_POLICY" ] && mokutil -h | grep -q "set-sbat-policy"; then
|
||||
if [ -w $EFIVARFS ] && \
|
||||
[ ! -f "$SBAT_POLICY" ] && \
|
||||
mokutil -h | grep -q "set-sbat-policy"; \
|
||||
then
|
||||
# Only apply CA check on the kernel package certs (bsc#1173115)
|
||||
mokutil --set-sbat-policy latest
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user