From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH installer] ZFS: detect and handle secure boot
Date: Tue, 21 Nov 2023 14:13:19 +0100
Message-ID: <20231121131319.785491-1-f.gruenbichler@proxmox.com>

and switch the ESP to grub if it is enabled.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 Proxmox/Install.pm | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/Proxmox/Install.pm b/Proxmox/Install.pm
index 1a4ee93..a2f35ae 100644
--- a/Proxmox/Install.pm
+++ b/Proxmox/Install.pm
@@ -15,7 +15,7 @@ use Proxmox::Install::StorageConfig;
 
 use Proxmox::Sys::Block qw(get_cached_disks wipe_disk partition_bootable_disk);
 use Proxmox::Sys::Command qw(run_command syscmd);
-use Proxmox::Sys::File qw(file_read_firstline file_write_all);
+use Proxmox::Sys::File qw(file_read_all file_read_firstline file_write_all);
 use Proxmox::UI;
 
 # TODO: move somewhere better?
@@ -570,7 +570,20 @@ my sub chroot_chmod {
 sub prepare_proxmox_boot_esp {
     my ($espdev, $targetdir) = @_;
 
-    syscmd("chroot $targetdir proxmox-boot-tool init $espdev") == 0 ||
+    my $mode = '';
+
+    # detect secure boot being enabled and switch to grub-on-ESP if it is
+    if (-d "/sys/firmware/efi") {
+	my $content = eval { file_read_all("/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c") };
+	if ($@) {
+	    warn "Failed to read secure boot state: $@\n";
+	} else {
+	    my @secureboot = unpack("CCCCC", $content);
+	    $mode = 'grub' if $secureboot[4] == 1;
+	}
+    }
+
+    syscmd("chroot $targetdir proxmox-boot-tool init $espdev $mode") == 0 ||
 	die "unable to init ESP and install proxmox-boot loader on '$espdev'\n";
 }
 
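Review bot: `$secureboot[4] == 1` in the else branch assumes the read returned at least five bytes, and nothing checks that; a short or empty read leaves `$secureboot[4]` undefined, so the comparison evaluates false (with an uninitialized-value warning when warnings are enabled) and the installer proceeds as if secure boot were off. Check `length($content) >= 5` before unpacking, and add a comment that an efivarfs file starts with a 4-byte attribute field, which is why index 4 holds the one-byte SecureBoot value. In the `if ($@)` branch, a failed read only warns and leaves `$mode` empty, so a machine with secure boot enabled would still get `proxmox-boot-tool init $espdev` without `grub`; consider reporting that case more visibly than a `warn`.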
-- 
2.39.2





Thread overview: 2+ messages
2023-11-21 13:13 Fabian Grünbichler [this message]
2023-11-21 13:22 ` [pve-devel] applied: " Thomas Lamprecht
