From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 13 Mar 2024 19:50:06 +0000 (+0100)
Subject: mkosi: Allow booting without secure boot
X-Git-Tag: v256-rc1~538^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1c29b517aaaf170e01bd4805a8902dbbc090ad4;p=thirdparty%2Fsystemd.git

mkosi: Allow booting without secure boot

Don't fail if SecureBoot is not enabled. Instead, only execute
the secure boot related checks if secure boot is actually enabled.
---

diff --git a/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
index e0fcf304988..d2800a04a9f 100755
--- a/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
+++ b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
@@ -4,8 +4,9 @@
 systemctl --failed --no-legend | tee /failed-services
 
 # Check that secure boot keys were properly enrolled.
-if ! systemd-detect-virt --container; then
-    cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
+if ! systemd-detect-virt --container && \
+   cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
+then
     cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
 
     if command -v sbsign &>/dev/null; then