From: Michael Prokop <mika@grml.org>
Date: Fri, 1 Sep 2017 15:50:45 +0000 (+0200)
Subject: Make sure mokutil reports actual Secure Boot status even if not running under systemd
X-Git-Tag: v0.16.0~2
X-Git-Url: http://git.grml.org/?p=grml-autoconfig.git;a=commitdiff_plain;h=71e0695dbec19af6e9f0d6633957b40a6223bfab

Make sure mokutil reports actual Secure Boot status even if not running under systemd

systemd mounts /sys/firmware/efi/efivars automatically, but if we
are not running under systemd (but file-rc instead in our case)
then mokutil doesn't work as needed as it relies on
/sys/firmware/efi/efivars (while /sys/firmware/efi/vars would
exist :-/).
---

diff --git a/autoconfig.functions b/autoconfig.functions
index 8ae71d1..01d2a57 100755
--- a/autoconfig.functions
+++ b/autoconfig.functions
@@ -512,6 +512,14 @@ config_kernel(){
 
 # {{{ secure boot
 config_secureboot(){
+  # systemd does this for us, but if we are not running under systemd then mokutil
+  # doesn't work as needed as it relies on /sys/firmware/efi/efivars (while
+  # /sys/firmware/efi/vars would exist)
+  if ! $SYSTEMD ; then
+    modprobe efivars
+    mount -t efivars efivarfs /sys/firmware/efi/efivars
+  fi
+
   if [ -x /usr/bin/mokutil ] ; then
     local secstate=$(mokutil --sb-state 2>/dev/null) # "SecureBoot enabled"
     if [ -n "$secstate" ] ; then