From f3c12594277e5e4624a79ca9430553c50108e5af Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Sat, 14 Sep 2024 22:29:54 +0200
Subject: [PATCH] Add some checks to check_inputs() for secure boot key and
 certificate

---
 mkosi/__init__.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 0a47497cd..f00f89e55 100644
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -2151,6 +2151,14 @@ def check_inputs(config: Config) -> None:
         if not os.access(script, os.X_OK):
             die(f"{script} is not executable")
 
+    if config.secure_boot and not config.secure_boot_key:
+        die("SecureBoot= is enabled but no secure boot key is configured",
+            hint="Run mkosi genkey to generate a secure boot key/certificate pair")
+
+    if config.secure_boot and not config.secure_boot_certificate:
+        die("SecureBoot= is enabled but no secure boot key is configured",
+            hint="Run mkosi genkey to generate a secure boot key/certificate pair")
+
 
 def check_tool(config: Config, *tools: PathString, reason: str, hint: Optional[str] = None) -> Path:
     tool = config.find_binary(*tools)
-- 
2.47.2