File 0040-squash-linuxefi-fail-kernel-validation-without-shim-.patch of Package grub2.24428

From 5b40b6d1e2e42bc5e06749438d6ecc8ae28993de Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 11 Dec 2020 23:16:50 +0800
Subject: [PATCH 40/41] squash! linuxefi: fail kernel validation without shim
 protocol.

Use grub_efi_get_secureboot to get secure boot status
---
 grub-core/loader/i386/efi/linux.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
index 4b19b1807..3724d73b3 100644
--- a/grub-core/loader/i386/efi/linux.c
+++ b/grub-core/loader/i386/efi/linux.c
@@ -27,6 +27,7 @@
 #include <grub/lib/cmdline.h>
 #include <grub/efi/efi.h>
 #include <grub/tpm.h>
+#include <grub/efi/sb.h>
 
 GRUB_MOD_LICENSE ("GPLv3+");
 
@@ -235,7 +236,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
 
   grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "grub_linuxefi", "Kernel");
 
-  if (grub_efi_secure_boot ())
+  if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
     {
       int rc;
 
-- 
2.26.2

openSUSE Build Service is sponsored by