rocky-linux
/
rocky-tools
mirror of https://github.com/rocky-linux/rocky-tools.git
4
0
Fork 0
Code Issues Projects Releases Activity

Merge pull request #22 from electroniceel/efi-secure-boot 

Check if EFI secure boot is enabled
This commit is contained in:
Neil Hanlon 2021-05-31 20:30:52 -04:00 committed by GitHub
parent 773b2c0d6f 50dac4a735
commit de8c952285
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
migrate2rocky.sh
View File

@ -101,7 +101,7 @@ bin_check() {
cat arch sort uniq rmdir rm head
)
if [[ $update_efi ]]; then
bins+=(findmnt grub2-mkconfig efibootmgr)
bins+=(findmnt grub2-mkconfig efibootmgr grep mokutil)
fi
for bin in "${bins[@]}"; do
if ! type "$bin" >/dev/null 2>&1; then
@ -212,6 +212,13 @@ collect_system_info () {
exit_message "Can't find EFI mount. No EFI boot detected."
fi
# check if EFI secure boot is enabled
if [[ $update_efi ]]; then
if mokutil --sb-state 2>&1 | grep -q "SecureBoot enabled"; then
exit_message "EFI Secure Boot is enabled but Rocky Linux doesn't provide a signed shim yet. Disable EFI Secure Boot and reboot."
fi
fi
# Don't enable these module streams, even if they are enabled in the source
# distro.
declare -g -a module_excludes