File 0007-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch of Package grub2.27717

From b33186a4e5863578d653e875f4de39e3bf19a6ac Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 2 Feb 2021 19:59:48 +0100
Subject: [PATCH 07/41] kern/lockdown: Set a variable if the GRUB is locked
 down

It may be useful for scripts to determine whether the GRUB is locked
down or not. Add the lockdown variable which is set to "y" when the GRUB
is locked down.

Suggested-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 docs/grub.texi            | 3 +++
 grub-core/kern/lockdown.c | 4 ++++
 2 files changed, 7 insertions(+)

diff --git a/docs/grub.texi b/docs/grub.texi
index 51fa7713d..951021867 100644
--- a/docs/grub.texi
+++ b/docs/grub.texi
@@ -5664,6 +5664,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl
 if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
 be restricted and some operations/commands cannot be executed.
 
+The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
+Otherwise it does not exit.
+
 @node Platform limitations
 @chapter Platform limitations
 
diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
index 9fd9c8f7e..b31c37b0b 100644
--- a/grub-core/kern/lockdown.c
+++ b/grub-core/kern/lockdown.c
@@ -18,6 +18,7 @@
  */
 
 #include <grub/dl.h>
+#include <grub/env.h>
 #include <grub/file.h>
 #include <grub/lockdown.h>
 
@@ -27,6 +28,9 @@ void
 grub_lockdown (void)
 {
   lockdown = GRUB_LOCKDOWN_ENABLED;
+
+  grub_env_set ("lockdown", "y");
+  grub_env_export ("lockdown");
 }
 
 int
-- 
2.26.2