systemd-boot: Allow key enroll in AuditMode

author Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>

Fri, 3 May 2024 09:42:09 +0000 (11:42 +0200)

committer Lennart Poettering <lennart@poettering.net>

Mon, 6 May 2024 11:09:03 +0000 (13:09 +0200)
author Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Fri, 3 May 2024 09:42:09 +0000 (11:42 +0200)
committer Lennart Poettering <lennart@poettering.net>
Mon, 6 May 2024 11:09:03 +0000 (13:09 +0200)
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c

index b4decc152d0369451ed1c7e7759abdab7de115c8..79de121f0d2da51fd4a48257e5eb8a19de16f7ae 100644 (file)
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -2480,7 +2480,7 @@ static EFI_STATUS secure_boot_discover_keys(Config *config, EFI_FILE *root_dir)
          EFI_STATUS err;
          _cleanup_(file_closep) EFI_FILE *keys_basedir = NULL;
  
-        if (secure_boot_mode() != SECURE_BOOT_SETUP)
+        if (!IN_SET(secure_boot_mode(), SECURE_BOOT_SETUP, SECURE_BOOT_AUDIT))
                  return EFI_SUCCESS;
  
          /* the lack of a 'keys' directory is not fatal and is silently ignored */
author	Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
	Fri, 3 May 2024 09:42:09 +0000 (11:42 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 6 May 2024 11:09:03 +0000 (13:09 +0200)