CONFIG_PARTCONF='yes' # do we want partconf to work?
CONFIG_PASSWD='yes' # set password via bootparam passwd
CONFIG_SCRIPTS='yes' # execute scripts from the scripts option
+CONFIG_SECUREBOOT='yes' # display information about secure boot
CONFIG_SERVICES='yes' # check for services to run, provided via bootparam
CONFIG_STATS='yes' # Report stats to stats server
CONFIG_SSH='yes' # check for bootparam ssh
}
# }}}
+# {{{ secure boot
+config_secureboot(){
+ if [ -x /usr/bin/mokutil ] ; then
+ local secstate=$(mokutil --sb-state 2>/dev/null) # "SecureBoot enabled"
+ if [ -n "$secstate" ] ; then
+ einfo "SecureBoot is enabled" ; eend 0
+ else
+ ewarn "SecureBoot not detected" ; eend 0
+ fi
+ else
+ if modprobe efivars &>/dev/null ; then
+ if od -An -t u1 /sys/firmware/efi/vars/SecureBoot-*/data 2>/dev/null | grep -q 1 ; then
+ einfo "SecureBoot is enabled" ; eend 0
+ else
+ ewarn "SecureBoot not detected" ; eend 0
+ fi
+ fi
+ fi
+}
+# }}}
+
# {{{ timezone
config_timezone(){
# don't touch the files if running from harddisk:
checkvalue $CONFIG_KERNEL && config_kernel
+checkvalue $CONFIG_SECUREBOOT && config_secureboot
+
checkvalue $CONFIG_TIMEZONE && config_timezone
checkvalue $CONFIG_SWRAID && config_swraid