Overview

File tboot-grub2-refuse-secure-boot.patch of Package tboot.22060

Index: tboot-1.9.12/tboot/20_linux_tboot
===================================================================
--- tboot-1.9.12.orig/tboot/20_linux_tboot
+++ tboot-1.9.12/tboot/20_linux_tboot
@@ -34,6 +34,28 @@ if test -e ${sysconfdir}/default/grub-tb
   .  ${sysconfdir}/default/grub-tboot
 fi
 
+secureBootActive()
+{
+	for secboot_var in /sys/firmware/efi/efivars/SecureBoot-*; do
+		[ ! -e "$secboot_var" ] && continue
+
+		# this variable contains a '1' byte at the end if secure boot is enabled
+		local secboot_byte=`od --address-radix=n --format=u1 "$secboot_var" | tr -d ' \n' | tail -c 1`
+
+		[ "$secboot_byte" = "1" ] && return 0
+	done
+
+	return 1
+}
+
+if secureBootActive; then
+	cat >&2 << EOF
+Not generating tboot menu entries, because UEFI Secure Boot is active.
+tboot is not compatible with UEFI Secure Boot.
+EOF
+	exit 0
+fi
+
 # Set the following variables in /etc/default/grub-tboot to customize command lines
 # (empty values are treated as if the variables were unset).
 [ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT
Index: tboot-1.9.12/tboot/20_linux_xen_tboot
===================================================================
--- tboot-1.9.12.orig/tboot/20_linux_xen_tboot
+++ tboot-1.9.12/tboot/20_linux_xen_tboot
@@ -34,6 +34,28 @@ if test -e ${sysconfdir}/default/grub-tb
   .  ${sysconfdir}/default/grub-tboot
 fi
 
+secureBootActive()
+{
+	for secboot_var in /sys/firmware/efi/efivars/SecureBoot-*; do
+		[ ! -e "$secboot_var" ] && continue
+
+		# this variable contains a '1' byte at the end if secure boot is enabled
+		local secboot_byte=`od --address-radix=n --format=u1 "$secboot_var" | tr -d ' \n' | tail -c 1`
+
+		[ "$secboot_byte" = "1" ] && return 0
+	done
+
+	return 1
+}
+
+if secureBootActive; then
+	cat >&2 << EOF
+Not generating tboot menu entries, because UEFI Secure Boot is active.
+tboot is not compatible with UEFI Secure Boot.
+EOF
+	exit 0
+fi
+
 # Set the following variables in /etc/default/grub-tboot to customize command lines
 # (empty values are treated as if the variables were unset).
 [ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT
openSUSE Build Service is sponsored by
Places