bootctl: report if have been booted with a measured UKI

Just expose the result of efi_measured_uki() to the user.

diff --git a/src/boot/bootctl-status.c b/src/boot/bootctl-status.c
index a6520e07197a7ea1ccc9640d342062916de0c7e0..73893dee69ebe1f20551225534e76bcd0b324974 100644 (file)
--- a/src/boot/bootctl-status.c
+++ b/src/boot/bootctl-status.c
@@ -420,6 +420,16 @@ int verb_status(int argc, char *argv[], void *userdata) {
                        (s & TPM2_SUPPORT_DRIVER) ? "driver only, firmware unavailable" : "no",
                        ansi_normal());
 
+                k = efi_measured_uki(LOG_DEBUG);
+                if (k > 0)
+                        printf("  Measured UKI: %syes%s\n", ansi_highlight_green(), ansi_normal());
+                else if (k == 0)
+                        printf("  Measured UKI: no\n");
+                else {
+                        errno = -k;
+                        printf("  Measured UKI: %sfailed%s (%m)\n", ansi_highlight_red(), ansi_normal());
+                }
+
                 k = efi_get_reboot_to_firmware();
                 if (k > 0)
                         printf("  Boot into FW: %sactive%s\n", ansi_highlight_yellow(), ansi_normal());