From 71e0695dbec19af6e9f0d6633957b40a6223bfab Mon Sep 17 00:00:00 2001
From: Michael Prokop <mika@grml.org>
Date: Fri, 1 Sep 2017 17:50:45 +0200
Subject: [PATCH] Make sure mokutil reports actual Secure Boot status even if
 not running under systemd

systemd mounts /sys/firmware/efi/efivars automatically, but if we
are not running under systemd (but file-rc instead in our case)
then mokutil doesn't work as needed as it relies on
/sys/firmware/efi/efivars (while /sys/firmware/efi/vars would
exist :-/).
---
 autoconfig.functions | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/autoconfig.functions b/autoconfig.functions
index 8ae71d1..01d2a57 100755
--- a/autoconfig.functions
+++ b/autoconfig.functions
@@ -512,6 +512,14 @@ config_kernel(){
 
 # {{{ secure boot
 config_secureboot(){
+  # systemd does this for us, but if we are not running under systemd then mokutil
+  # doesn't work as needed as it relies on /sys/firmware/efi/efivars (while
+  # /sys/firmware/efi/vars would exist)
+  if ! $SYSTEMD ; then
+    modprobe efivars
+    mount -t efivars efivarfs /sys/firmware/efi/efivars
+  fi
+
   if [ -x /usr/bin/mokutil ] ; then
     local secstate=$(mokutil --sb-state 2>/dev/null) # "SecureBoot enabled"
     if [ -n "$secstate" ] ; then
-- 
2.1.4