From: Lennart Poettering
Date: Tue, 25 Feb 2025 11:40:43 +0000 (+0100)
Subject: boot: make secure boot enrollment less special
X-Git-Tag: v258-rc1~1261^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=612bc71210244cd632344f86c8fb685867b92c30;p=thirdparty%2Fsystemd.git
boot: make secure boot enrollment less special
This is the last entry type that has special handling: with this in place we now always invoke entry handlers the very same way. via the .call() method of the BootEntry structure.
---
diff --git a/src/boot/boot.c b/src/boot/boot.c
index 090f7237cdc..b24e6f7a260 100644
--- a/src/boot/boot.c
+++ b/src/boot/boot.c
@@ -2707,6 +2707,12 @@ static void save_selected_entry(const Config *config, const BootEntry *entry) {
 (void) efivar_unset(MAKE_GUID_PTR(LOADER), u"LoaderEntryLastBooted", EFI_VARIABLE_NON_VOLATILE);
 }
+static EFI_STATUS call_secure_boot_enroll(const BootEntry *entry, EFI_FILE *root_dir, EFI_HANDLE parent_image) {
+ assert(entry);
+
+ return secure_boot_enroll_at(root_dir, entry->path, /* force= */ true);
+}
+
 static EFI_STATUS secure_boot_discover_keys(Config *config, EFI_FILE *root_dir) {
 EFI_STATUS err;
 _cleanup_file_close_ EFI_FILE *keys_basedir = NULL;
@@ -2747,6 +2753,7 @@ static EFI_STATUS secure_boot_discover_keys(Config *config, EFI_FILE *root_dir)
 .type = LOADER_SECURE_BOOT_KEYS,
 .tries_done = -1,
 .tries_left = -1,
+ .call = call_secure_boot_enroll,
 };
 config_add_entry(config, entry);
@@ -2977,14 +2984,6 @@ static EFI_STATUS run(EFI_HANDLE image) {
 return EFI_SUCCESS;
 }
- /* if auto enrollment is activated, we try to load keys for the given entry. */
- if (entry->type == LOADER_SECURE_BOOT_KEYS) {
- err = secure_boot_enroll_at(root_dir, entry->path, /*force=*/ true);
- if (err != EFI_SUCCESS)
- return err;
- continue;
- }
-
 (void) boot_entry_bump_counters(entry);
 save_selected_entry(&config, entry);
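Review bot: The hard-coded `/* force= */ true` in `call_secure_boot_enroll` carries no explanation, and for a call that enrolls Secure Boot keys it is the argument a reader most needs justified. A one-line comment above the return would do, for example `/* Enrollment was already decided when this entry was selected, hence force. */`; the wording should be confirmed against the auto-enroll policy, which is not visible in this diff. `parent_image` is unused and only `entry` is asserted, so adding `assert(root_dir);` would make the precondition explicit if the other handlers follow that convention.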
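Review bot: Key-enrollment entries now reach `boot_entry_bump_counters(entry)` and `save_selected_entry(&config, entry)` in `run()`, which the branch removed in the third hunk skipped via `continue`. With `tries_done` and `tries_left` at -1 the counter bump is presumably a no-op, but `save_selected_entry` touches loader EFI variables (its visible tail unsets `LoaderEntryLastBooted`), so it is worth confirming that an enrollment entry is not persisted as the selected entry. If that is not intended, `save_selected_entry()` could skip `LOADER_SECURE_BOOT_KEYS`; if it is, a short comment next to `.call = call_secure_boot_enroll,` should say so. The old branch also went back to the menu after a successful enrollment, and whether the generic `.call()` dispatch does the same lies outside these hunks.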