boot: make secure boot enrollment less special
authorLennart Poettering <lennart@poettering.net>
Tue, 25 Feb 2025 11:40:43 +0000 (12:40 +0100)
committerLennart Poettering <lennart@poettering.net>
Tue, 25 Feb 2025 20:15:10 +0000 (21:15 +0100)
This is the last entry type that has special handling: with this in
place we now always invoke entry handlers the very same way, via the
.call() method of the BootEntry structure.

src/boot/boot.c

index 090f7237cdcb78333a7f397a94cbcbc6aefbac0e..b24e6f7a260ecd4fc85da96d7267f90b8ff71ac7 100644 (file)
@@ -2707,6 +2707,12 @@ static void save_selected_entry(const Config *config, const BootEntry *entry) {
                 (void) efivar_unset(MAKE_GUID_PTR(LOADER), u"LoaderEntryLastBooted", EFI_VARIABLE_NON_VOLATILE);
 }
 
+static EFI_STATUS call_secure_boot_enroll(const BootEntry *entry, EFI_FILE *root_dir, EFI_HANDLE parent_image) {
+        assert(entry);
+
+        return secure_boot_enroll_at(root_dir, entry->path, /* force= */ true);
+}
+
 static EFI_STATUS secure_boot_discover_keys(Config *config, EFI_FILE *root_dir) {
         EFI_STATUS err;
         _cleanup_file_close_ EFI_FILE *keys_basedir = NULL;
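Review bot: call_secure_boot_enroll() hard-codes `/* force= */ true` and dereferences `entry->path` while asserting only `entry`, and the comment that explained the old call site (`/* if auto enrollment is activated, we try to load keys for the given entry. */`) is dropped rather than moved here. I would carry that comment over as the function's header and add `assert(root_dir);` next to the existing assert, since this handler presumably ends up modifying the firmware's Secure Boot key state. With the special case removed from run() in the third hunk, these entries no longer `continue` past `boot_entry_bump_counters()` and `save_selected_entry()`, so an enrollment entry now appears to be recorded in the loader EFI variables like a normal boot entry; please confirm that is intended. The old code also went back to the menu loop on success and returned the error on failure, and whether the generic .call() path preserves both is not visible in this diff.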
@@ -2747,6 +2753,7 @@ static EFI_STATUS secure_boot_discover_keys(Config *config, EFI_FILE *root_dir)
                         .type = LOADER_SECURE_BOOT_KEYS,
                         .tries_done = -1,
                         .tries_left = -1,
+                        .call = call_secure_boot_enroll,
                 };
                 config_add_entry(config, entry);
 
@@ -2977,14 +2984,6 @@ static EFI_STATUS run(EFI_HANDLE image) {
                                 return EFI_SUCCESS;
                 }
 
-                /* if auto enrollment is activated, we try to load keys for the given entry. */
-                if (entry->type == LOADER_SECURE_BOOT_KEYS) {
-                        err = secure_boot_enroll_at(root_dir, entry->path, /*force=*/ true);
-                        if (err != EFI_SUCCESS)
-                                return err;
-                        continue;
-                }
-
                 (void) boot_entry_bump_counters(entry);
                 save_selected_entry(&config, entry);