rocky-linux/rocky-tools
4
0
Fork 0
mirror of https://github.com/rocky-linux/rocky-tools.git synced 2024-11-22 13:11:26 +00:00
Code Issues Projects Releases Activity

Merge pull request #22 from electroniceel/efi-secure-boot

Browse Source 
Check if EFI secure boot is enabled
This commit is contained in:
Neil Hanlon 2021-05-31 20:30:52 -04:00 committed by GitHub
commit de8c952285
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
migrate2rocky.sh
View File

@ -101,7 +101,7 @@ bin_check() {
cat arch sort uniq rmdir rm head cat arch sort uniq rmdir rm head
) )
if [[ $update_efi ]]; then if [[ $update_efi ]]; then
bins+=(findmnt grub2-mkconfig efibootmgr) bins+=(findmnt grub2-mkconfig efibootmgr grep mokutil)
fi fi
for bin in "${bins[@]}"; do for bin in "${bins[@]}"; do
if ! type "$bin" >/dev/null 2>&1; then if ! type "$bin" >/dev/null 2>&1; then
@ -212,6 +212,13 @@ collect_system_info () {
exit_message "Can't find EFI mount. No EFI boot detected." exit_message "Can't find EFI mount. No EFI boot detected."
fi fi
# check if EFI secure boot is enabled
if [[ $update_efi ]]; then
if mokutil --sb-state 2>&1 | grep -q "SecureBoot enabled"; then
exit_message "EFI Secure Boot is enabled but Rocky Linux doesn't provide a signed shim yet. Disable EFI Secure Boot and reboot."
fi
fi
# Don't enable these module streams, even if they are enabled in the source # Don't enable these module streams, even if they are enabled in the source
# distro. # distro.
declare -g -a module_excludes declare -g -a module_excludes