mkosi: Allow booting without secure boot

Don't fail if SecureBoot is not enabled. Instead, only execute
the secure boot related checks if secure boot is actually enabled.

diff --git a/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
index e0fcf304988dc4f9a620051e3bb0216f17048902..d2800a04a9ff9b42c3438314585280b815eeaf82 100755 (executable)
--- a/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
+++ b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
@@ -4,8 +4,9 @@
 systemctl --failed --no-legend | tee /failed-services
 
 # Check that secure boot keys were properly enrolled.
-if ! systemd-detect-virt --container; then
-    cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
+if ! systemd-detect-virt --container && \
+   cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
+then
     cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
 
     if command -v sbsign &>/dev/null; then