vmspawn: ignore firmwares with enrolled-keys by default
authorSam Leonard <sam.leonard@codethink.co.uk>
Mon, 15 Jan 2024 16:40:09 +0000 (16:40 +0000)
committerSam Leonard <sam.leonard@codethink.co.uk>
Tue, 16 Jan 2024 10:08:34 +0000 (10:08 +0000)
src/vmspawn/vmspawn-util.c

index 6270b7ffae7f5cea968002ddd0939d4b96ac5941..16ece31809782aca18586c224f3dcd790daa5769 100644 (file)
@@ -191,7 +191,12 @@ int find_ovmf_config(int search_sb, OvmfConfig **ret) {
                         continue;
                 }
 
-                int sb_present = !!strv_find(fwd->features, "secure-boot");
+                if (strv_contains(fwd->features, "enrolled-keys")) {
+                        log_debug("Skipping %s, firmware has enrolled keys which has been known to cause issues", *file);
+                        continue;
+                }
+
+                bool sb_present = strv_contains(fwd->features, "secure-boot");
 
                 /* exclude firmware which doesn't match our Secure Boot requirements */
                 if (search_sb >= 0 && search_sb != sb_present) {
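Review bot: The new `enrolled-keys` skip runs unconditionally and before the Secure Boot match, so when `search_sb > 0` the only descriptors that can still be selected list "secure-boot" without "enrolled-keys". In the QEMU firmware descriptor format that combination normally means the variable store template carries no enrolled keys, so the guest would presumably start with Secure Boot not enforcing, and a caller that asked for Secure Boot may get less than it expects. No override is visible in this hunk (the title says "by default", so one may exist elsewhere), and the body of find_ovmf_config starts and ends outside it. I would record the trade-off above the check, e.g. `/* enrolled-keys firmware is skipped even when search_sb > 0; the firmware selected then supports Secure Boot but may have no keys enrolled */`, and have the debug message name the concrete failure rather than "has been known to cause issues".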