-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathis_sb_enabled_command.patch
98 lines (93 loc) · 3.07 KB
/
is_sb_enabled_command.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
From 0269b30263899d047f53df9b6a8acb61f6a61cb6 Mon Sep 17 00:00:00 2001
From: Andriy Dobush <[email protected]>
Date: Wed, 26 May 2021 11:12:27 +0300
Subject: [PATCH] Add cli to enable check in config file if secure boot is
enabled Disbale gpg verification if UEFI secure boot is disabled
Signed-off-by: Andriy Dobush <[email protected]>
Patch-Name: is_sb_enabled_command.patch
---
grub-core/Makefile.core.def | 6 ++++
grub-core/commands/efi/is_sb_enabled.c | 52 ++++++++++++++++++++++++++++++++++
grub-core/commands/pgp.c | 6 ++++
3 files changed, 64 insertions(+)
create mode 100644 grub-core/commands/efi/is_sb_enabled.c
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 836bf0a..3fb985f 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -799,6 +799,12 @@ module = {
};
module = {
+ name = is_sb_enabled;
+ common = commands/efi/is_sb_enabled.c;
+ enable = efi;
+};
+
+module = {
name = efifwsetup;
efi = commands/efi/efifwsetup.c;
enable = efi;
diff --git a/grub-core/commands/efi/is_sb_enabled.c b/grub-core/commands/efi/is_sb_enabled.c
new file mode 100644
index 0000000..2955416
--- /dev/null
+++ b/grub-core/commands/efi/is_sb_enabled.c
@@ -0,0 +1,52 @@
+/*
+ * GRUB -- GRand Unified Bootloader
+ * Copyright (C) 2012 Free Software Foundation, Inc.
+ *
+ * GRUB is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GRUB is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
+ */
+#include <grub/efi/efi.h>
+#include <grub/efi/api.h>
+#include <grub/command.h>
+
+/* mheese: this import is necessary to find GRUB_EFI_SECUREBOOT_MODE_ENABLED */
+#include <grub/efi/sb.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static grub_err_t
+grub_cmd_is_sb_enabled (grub_command_t cmd __attribute__ ((unused)),
+ int argc __attribute__ ((unused)),
+ char **args __attribute__ ((unused)))
+{
+ /* mheese: exchanging call to `grub_efi_secureboot()` with comparison call to `grub_efi_get_secureboot()` as grub_efi_secureboot is not exported any longer */
+ if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+ {
+ grub_printf ("Secure Boot enabled");
+ return 1;
+ }
+ else
+ {
+ grub_printf ("Secure Boot disabled");
+ return 0;
+ }
+}
+
+static grub_command_t cmd;
+
+GRUB_MOD_INIT(is_sb_enabled)
+{
+ cmd = grub_register_command ("is_sb_enabled", grub_cmd_is_sb_enabled,
+ "", "Show if secure boot is enabled");
+}
+
+GRUB_MOD_FINI(is_sb_enabled)
+{
+ grub_unregister_command (cmd);
+}
--
2.11.0