Add some checks to check_inputs() for secure boot key and certificate

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 0a47497cdb37f9fb5764f8428cbdcacca9453e2f..f00f89e551a269b8770a846eea52b5a53813b253 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -2151,6 +2151,14 @@ def check_inputs(config: Config) -> None:
         if not os.access(script, os.X_OK):
             die(f"{script} is not executable")
 
+    if config.secure_boot and not config.secure_boot_key:
+        die("SecureBoot= is enabled but no secure boot key is configured",
+            hint="Run mkosi genkey to generate a secure boot key/certificate pair")
+
+    if config.secure_boot and not config.secure_boot_certificate:
+        die("SecureBoot= is enabled but no secure boot key is configured",
+            hint="Run mkosi genkey to generate a secure boot key/certificate pair")
+
 
 def check_tool(config: Config, *tools: PathString, reason: str, hint: Optional[str] = None) -> Path:
     tool = config.find_binary(*tools)