From 5364c0c116d3a555e8a42bd2df0150697113465b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Tue, 23 Apr 2024 14:27:53 +0200 Subject: [PATCH] move secure boot state to RunEnv MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit as preparation for using it in more than one place. Signed-off-by: Fabian Grünbichler --- Proxmox/Install.pm | 18 +++++------------- Proxmox/Install/RunEnv.pm | 12 +++++++++++- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/Proxmox/Install.pm b/Proxmox/Install.pm index 19f7dc1..82619ae 100644 --- a/Proxmox/Install.pm +++ b/Proxmox/Install.pm @@ -15,7 +15,7 @@ use Proxmox::Install::StorageConfig; use Proxmox::Sys::Block qw(get_cached_disks wipe_disk partition_bootable_disk); use Proxmox::Sys::Command qw(run_command syscmd); -use Proxmox::Sys::File qw(file_read_all file_read_firstline file_write_all); +use Proxmox::Sys::File qw(file_read_firstline file_write_all); use Proxmox::UI; # TODO: move somewhere better? @@ -576,20 +576,12 @@ my sub chroot_chmod { } sub prepare_proxmox_boot_esp { - my ($espdev, $targetdir) = @_; + my ($espdev, $targetdir, $secureboot) = @_; my $mode = ''; - # detect secure boot being enabled and switch to grub-on-ESP if it is - if (-d "/sys/firmware/efi") { - my $content = eval { file_read_all("/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c") }; - if ($@) { - warn "Failed to read secure boot state: $@\n"; - } else { - my @secureboot = unpack("CCCCC", $content); - $mode = 'grub' if $secureboot[4] == 1; - } - } + # if secure boot is enabled switch to grub-on-ESP + $mode = 'grub' if $secureboot; syscmd("chroot $targetdir proxmox-boot-tool init $espdev $mode") == 0 || die "unable to init ESP and install proxmox-boot loader on '$espdev'\n"; 
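Review bot: The new `$secureboot` parameter of `prepare_proxmox_boot_esp` treats an undefined value as "secure boot disabled", and nothing in the sub says so: a caller that omits the third argument, or a run environment where the state could not be determined, silently gets the non-grub mode. The RunEnv.pm hunk of this patch leaves `secure_boot` unset on non-EFI boots and when reading the EFI variable fails, so the call site in the `@@ -1237,7` hunk can pass undef. I would document the contract above the sub, for example `# $secureboot: true if the firmware reports secure boot as enabled; undef (unknown or non-EFI) is handled like disabled`. The end of the sub lies outside the hunk.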
@@ -1237,7 +1229,7 @@ _EOD foreach my $di (@$bootdevinfo) { my $dev = $di->{devname}; if ($use_zfs) { - prepare_proxmox_boot_esp($di->{esp}, $targetdir); + prepare_proxmox_boot_esp($di->{esp}, $targetdir, $run_env->{secure_boot}); } else { if (!$native_4k_disk_bootable) { eval { diff --git a/Proxmox/Install/RunEnv.pm b/Proxmox/Install/RunEnv.pm index 39505d0..7eaf96a 100644 --- a/Proxmox/Install/RunEnv.pm +++ b/Proxmox/Install/RunEnv.pm @@ -8,7 +8,7 @@ use JSON qw(from_json to_json); use Proxmox::Log; use Proxmox::Sys::Command qw(run_command CMD_FINISHED); -use Proxmox::Sys::File qw(file_read_firstline); +use Proxmox::Sys::File qw(file_read_all file_read_firstline); use Proxmox::Sys::Block; use Proxmox::Sys::Net; @@ -285,6 +285,16 @@ sub query_installation_environment : prototype() { $output->{hvm_supported} = query_cpu_hvm_support(); $output->{boot_type} = -d '/sys/firmware/efi' ? 'efi' : 'bios'; + if ($output->{boot_type} eq 'efi') { + my $content = eval { file_read_all("/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c") }; + if ($@) { + log_warn("Failed to read secure boot state: $@\n"); + } else { + my @secureboot = unpack("CCCCC", $content); + $output->{secure_boot} = $secureboot[4] == 1; + } + } + my $err; my $country; if ($routes->{gateway4}) { -- 2.39.5
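Review bot: In the added block of the RunEnv.pm `@@ -285,6` hunk, `$secureboot[4]` is read without checking that the variable's content holds at least five bytes, so a short or empty read yields undef, compares unequal to 1, and is recorded as secure boot disabled without the `log_warn` that the read-error path emits. A guard between the two branches, such as `elsif (length($content) < 5) { log_warn("unexpected SecureBoot variable size\n"); }`, would keep that case visible in the log. The stored value is also the raw result of `==`, which in Perl is 1 or an empty string; if `$output` is later serialized with the `to_json` this module imports (not visible here), consumers would see `""` for false, so `$output->{secure_boot} = $secureboot[4] == 1 ? 1 : 0;` may be safer. `query_installation_environment` begins and ends outside the hunk.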