* [pve-devel] [PATCH installer] ZFS: detect and handle secure boot
@ 2023-11-21 13:13 Fabian Grünbichler
2023-11-21 13:22 ` [pve-devel] applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Fabian Grünbichler @ 2023-11-21 13:13 UTC (permalink / raw)
To: pve-devel
and switch the ESP to grub if it is enabled.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
Proxmox/Install.pm | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/Proxmox/Install.pm b/Proxmox/Install.pm
index 1a4ee93..a2f35ae 100644
--- a/Proxmox/Install.pm
+++ b/Proxmox/Install.pm
@@ -15,7 +15,7 @@ use Proxmox::Install::StorageConfig;
use Proxmox::Sys::Block qw(get_cached_disks wipe_disk partition_bootable_disk);
use Proxmox::Sys::Command qw(run_command syscmd);
-use Proxmox::Sys::File qw(file_read_firstline file_write_all);
+use Proxmox::Sys::File qw(file_read_all file_read_firstline file_write_all);
use Proxmox::UI;
# TODO: move somewhere better?
@@ -570,7 +570,20 @@ my sub chroot_chmod {
sub prepare_proxmox_boot_esp {
my ($espdev, $targetdir) = @_;
- syscmd("chroot $targetdir proxmox-boot-tool init $espdev") == 0 ||
+ my $mode = '';
+
+ # detect secure boot being enabled and switch to grub-on-ESP if it is
+ if (-d "/sys/firmware/efi") {
+ my $content = eval { file_read_all("/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c") };
+ if ($@) {
+ warn "Failed to read secure boot state: $@\n";
+ } else {
+ my @secureboot = unpack("CCCCC", $content);
+ $mode = 'grub' if $secureboot[4] == 1;
+ }
+ }
+
+ syscmd("chroot $targetdir proxmox-boot-tool init $espdev $mode") == 0 ||
die "unable to init ESP and install proxmox-boot loader on '$espdev'\n";
}
--
2.39.2
^ permalink raw reply [flat|nested] 2+ messages in thread
* [pve-devel] applied: [PATCH installer] ZFS: detect and handle secure boot
2023-11-21 13:13 [pve-devel] [PATCH installer] ZFS: detect and handle secure boot Fabian Grünbichler
@ 2023-11-21 13:22 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2023-11-21 13:22 UTC (permalink / raw)
To: Proxmox VE development discussion, Fabian Grünbichler
Am 21/11/2023 um 14:13 schrieb Fabian Grünbichler:
> and switch the ESP to grub if it is enabled.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> Proxmox/Install.pm | 17 +++++++++++++++--
> 1 file changed, 15 insertions(+), 2 deletions(-)
>
>
applied, thanks!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-11-21 13:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-11-21 13:13 [pve-devel] [PATCH installer] ZFS: detect and handle secure boot Fabian Grünbichler
2023-11-21 13:22 ` [pve-devel] applied: " Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal