File 0040-squash-linuxefi-fail-kernel-validation-without-shim-.patch of Package grub2.24428
From 5b40b6d1e2e42bc5e06749438d6ecc8ae28993de Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 11 Dec 2020 23:16:50 +0800
Subject: [PATCH 40/41] squash! linuxefi: fail kernel validation without shim
protocol.
Use grub_efi_get_secureboot to get secure boot status
---
grub-core/loader/i386/efi/linux.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 4b19b1807..3724d73b3 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -27,6 +27,7 @@
#include <grub/lib/cmdline.h>
#include <grub/efi/efi.h>
#include <grub/tpm.h>
+#include <grub/efi/sb.h>
GRUB_MOD_LICENSE ("GPLv3+");
@@ -235,7 +236,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel");
- if (grub_efi_secure_boot ())
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
{
int rc;
--
2.26.2