You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
84 lines
3.6 KiB
84 lines
3.6 KiB
6 months ago
|
From 72089d78ba9e0c0d4c4b83c8f447adbfb32809ed Mon Sep 17 00:00:00 2001
|
||
|
|
From: Jan Janssen <medhefgo@web.de>
|
||
|
|
Date: Mon, 16 Jan 2023 16:22:17 +0100
|
||
|
|
Subject: [PATCH] boot: Skip soft-brick warning when in a VM
|
||
|
|
|
||
|
|
This part of the warning is annoying to look at not really true when
|
||
|
|
running inside of a VM.
|
||
|
|
|
||
|
|
(cherry picked from commit 3e87a057a796b57bf9540b948823fbefef6693d7)
|
||
|
|
|
||
|
|
Related: RHEL-16952
|
||
|
|
---
|
||
|
|
src/boot/efi/secure-boot.c | 56 ++++++++++++++++++++------------------
|
||
|
|
1 file changed, 29 insertions(+), 27 deletions(-)
|
||
|
|
|
||
|
|
diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
|
||
|
|
index 55c9ba5d4c..3f3a222b5e 100644
|
||
|
|
--- a/src/boot/efi/secure-boot.c
|
||
|
|
+++ b/src/boot/efi/secure-boot.c
|
||
|
|
@@ -44,34 +44,36 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path) {
|
||
|
|
|
||
|
|
clear_screen(COLOR_NORMAL);
|
||
|
|
|
||
|
|
- Print(L"Enrolling secure boot keys from directory: %s\n"
|
||
|
|
- L"Warning: Enrolling custom Secure Boot keys might soft-brick your machine!\n",
|
||
|
|
- path);
|
||
|
|
-
|
||
|
|
- unsigned timeout_sec = 15;
|
||
|
|
- for(;;) {
|
||
|
|
- /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing
|
||
|
|
- * we can brick there. */
|
||
|
|
- if (in_hypervisor())
|
||
|
|
- break;
|
||
|
|
-
|
||
|
|
- PrintAt(0, ST->ConOut->Mode->CursorRow, L"Enrolling in %2u s, press any key to abort.", timeout_sec);
|
||
|
|
-
|
||
|
|
- uint64_t key;
|
||
|
|
- err = console_key_read(&key, 1000 * 1000);
|
||
|
|
- if (err == EFI_NOT_READY)
|
||
|
|
- continue;
|
||
|
|
- if (err == EFI_TIMEOUT) {
|
||
|
|
- if (timeout_sec == 0) /* continue enrolling keys */
|
||
|
|
- break;
|
||
|
|
- timeout_sec--;
|
||
|
|
- continue;
|
||
|
|
+ Print(u"Enrolling secure boot keys from directory: %s\n");
|
||
|
|
+
|
||
|
|
+ /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing
|
||
|
|
+ * we can brick there. */
|
||
|
|
+ if (!in_hypervisor()) {
|
||
|
|
+ Print(u"Warning: Enrolling custom Secure Boot keys might soft-brick your machine!\n", path);
|
||
|
|
+
|
||
|
|
+ unsigned timeout_sec = 15;
|
||
|
|
+ for (;;) {
|
||
|
|
+ Print(u"\rEnrolling in %2u s, press any key to abort.", timeout_sec);
|
||
|
|
+
|
||
|
|
+ uint64_t key;
|
||
|
|
+ err = console_key_read(&key, 1000 * 1000);
|
||
|
|
+ if (err == EFI_NOT_READY)
|
||
|
|
+ continue;
|
||
|
|
+ if (err == EFI_TIMEOUT) {
|
||
|
|
+ if (timeout_sec == 0) /* continue enrolling keys */
|
||
|
|
+ break;
|
||
|
|
+ timeout_sec--;
|
||
|
|
+ continue;
|
||
|
|
+ }
|
||
|
|
+ if (err != EFI_SUCCESS)
|
||
|
|
+ return log_error_status_stall(
|
||
|
|
+ err,
|
||
|
|
+ L"Error waiting for user input to enroll Secure Boot keys: %r",
|
||
|
|
+ err);
|
||
|
|
+
|
||
|
|
+ /* user aborted, returning EFI_SUCCESS here allows the user to go back to the menu */
|
||
|
|
+ return EFI_SUCCESS;
|
||
|
|
}
|
||
|
|
- if (err != EFI_SUCCESS)
|
||
|
|
- return log_error_status_stall(err, L"Error waiting for user input to enroll Secure Boot keys: %r", err);
|
||
|
|
-
|
||
|
|
- /* user aborted, returning EFI_SUCCESS here allows the user to go back to the menu */
|
||
|
|
- return EFI_SUCCESS;
|
||
|
|
}
|
||
|
|
|
||
|
|
_cleanup_(file_closep) EFI_FILE *dir = NULL;
|