mirror of
https://github.com/systemd/systemd.git
synced 2024-10-30 14:55:37 +03:00
2de6cc18f9
This gives us some nice test coverage for secure boot enrolling and the stub secure boot workound. The authenticated EFI variables are already created by mkosi, all we need to do is request secure boot to be used.
16 lines
553 B
Bash
16 lines
553 B
Bash
#!/bin/bash -eux
|
|
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
|
|
systemctl --failed --no-legend | tee /failed-services
|
|
|
|
# Check that secure boot keys were properly enrolled.
|
|
if [[ -d /sys/firmware/efi/efivars/ ]]; then
|
|
cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
|
|
cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
|
|
fi
|
|
|
|
# Exit with non-zero EC if the /failed-services file is not empty (we have -e set)
|
|
[[ ! -s /failed-services ]]
|
|
|
|
: >/testok
|