return access("/sys/firmware/efi", F_OK) >= 0;
}
+int is_efi_secure_boot(void) {
+ int r;
+ void *v;
+ size_t s;
+ uint8_t b;
+
+ r = efi_get_variable(EFI_VENDOR_GLOBAL, "SecureBoot", &v, &s);
+ if (r < 0)
+ return r;
+ b = *(uint8_t *)s;
+
+ if (s != 1) {
+ r = -EINVAL;
+ goto finish;
+ }
+
+ r = b > 0;
+finish:
+ free(v);
+ return r;
+}
+
int efi_get_variable(
const uint8_t vendor[16],
const char *name,
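Review bot: `b = *(uint8_t *)s;` in is_efi_secure_boot() casts the length `s` to a pointer and dereferences it, instead of reading the buffer `v` that efi_get_variable() filled in. The load is therefore from an address derived from the variable's size, which will most likely fault or otherwise yield a byte unrelated to the SecureBoot state. It also runs before the `s != 1` check, so even with the right pointer the buffer would be read before its size is validated. Move the load below the size check and take it from the buffer: `b = *(uint8_t *)v;`. This matters beyond the crash, because the return value gates the boot-order decision made elsewhere in this change.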
#define EFI_VARIABLE_RUNTIME_ACCESS 0x0000000000000004
bool is_efi_boot(void);
+int is_efi_secure_boot(void);
int efi_get_variable(const uint8_t vendor[16], const char *name, void **value, size_t *size);
int efi_set_variable( const uint8_t vendor[16], const char *name, const void *value, size_t size);
int efi_get_variable_string(const uint8_t vendor[16], const char *name, char **p);
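Review bot: The new prototype for is_efi_secure_boot() sits directly under `bool is_efi_boot(void);` but returns `int` with three outcomes, and nothing in the header says so. From the implementation in this change it returns a negative errno when the variable cannot be read or has an unexpected size, 0 when the byte is zero, and 1 otherwise. A caller writing `if (is_efi_secure_boot())` would treat a read failure as "Secure Boot on". A one-line comment above the declaration would prevent that: `/* Returns > 0 if Secure Boot is enabled, 0 if disabled, negative errno on failure. */`.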
int r;
if (!is_efi_boot()) {
- fprintf(stderr, "Not booted with EFI, skipping EFI variable checks.\n");
+ fprintf(stderr, "Not booted with EFI, skipping EFI variable setup.\n");
return 0;
}
}
fprintf(stderr, "Created EFI boot entry \"Linux Boot Manager\".\n");
}
- insert_into_order(slot, first);
+ if (is_efi_secure_boot() <= 0)
+ insert_into_order(slot, first);
+ else
+ fprintf(stderr, "EFI Secure Boot is active, skipping EFI boot order registration.\n");
finish:
free(p);
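Review bot: The `<= 0` test on the new `if` folds a failed read of the SecureBoot variable into the "disabled" case, so any negative return from is_efi_secure_boot() silently proceeds to insert_into_order(). That may be the intended fallback, for example on firmware that does not expose the variable, but the code does not say so and the error is dropped without a message. Consider keeping the result in a local and stating the policy, e.g. `/* A failure to read SecureBoot is treated like Secure Boot being off. */`, or reporting the error on stderr before continuing. The enclosing function begins and ends outside this hunk, so how `r` is used afterwards is not visible here.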