mirror of
https://github.com/rocky-linux/rocky-tools.git
synced 2024-12-28 20:50:54 +00:00
Merge pull request #22 from electroniceel/efi-secure-boot
Check if EFI secure boot is enabled
This commit is contained in:
commit
de8c952285
1 changed files with 8 additions and 1 deletions
|
@ -101,7 +101,7 @@ bin_check() {
|
|||
cat arch sort uniq rmdir rm head
|
||||
)
|
||||
if [[ $update_efi ]]; then
|
||||
bins+=(findmnt grub2-mkconfig efibootmgr)
|
||||
bins+=(findmnt grub2-mkconfig efibootmgr grep mokutil)
|
||||
fi
|
||||
for bin in "${bins[@]}"; do
|
||||
if ! type "$bin" >/dev/null 2>&1; then
|
||||
|
@ -212,6 +212,13 @@ collect_system_info () {
|
|||
exit_message "Can't find EFI mount. No EFI boot detected."
|
||||
fi
|
||||
|
||||
# check if EFI secure boot is enabled
|
||||
if [[ $update_efi ]]; then
|
||||
if mokutil --sb-state 2>&1 | grep -q "SecureBoot enabled"; then
|
||||
exit_message "EFI Secure Boot is enabled but Rocky Linux doesn't provide a signed shim yet. Disable EFI Secure Boot and reboot."
|
||||
fi
|
||||
fi
|
||||
|
||||
# Don't enable these module streams, even if they are enabled in the source
|
||||
# distro.
|
||||
declare -g -a module_excludes
|
||||
|
|
Loading…
Reference in a new issue