From d1c29b517aaaf170e01bd4805a8902dbbc090ad4 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 13 Mar 2024 20:50:06 +0100
Subject: [PATCH] mkosi: Allow booting without secure boot

Don't fail if SecureBoot is not enabled. Instead, only execute
the secure boot related checks if secure boot is actually enabled.
---
 .../mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh  | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
index e0fcf304988..d2800a04a9f 100755
--- a/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
+++ b/mkosi.images/base/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
@@ -4,8 +4,9 @@
 systemctl --failed --no-legend | tee /failed-services
 
 # Check that secure boot keys were properly enrolled.
-if ! systemd-detect-virt --container; then
-    cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
+if ! systemd-detect-virt --container && \
+   cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
+then
     cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
 
     if command -v sbsign &>/dev/null; then
-- 
2.47.3