X-Git-Url: https://git.grml.org/?p=grml-autoconfig.git;a=blobdiff_plain;f=autoconfig.functions;h=e659549e194b77c08ec70afcde932fbccfa959ad;hp=8b1c8af66f7dc37ad2e027f9aa39cbb7a1282322;hb=23afbaf0a75b0b6144675c7f419fdbfa9dfa8522;hpb=5e4c03e1063e23049f9f6aa3c2452e1809e30cc2

diff --git a/autoconfig.functions b/autoconfig.functions
index 8b1c8af..e659549 100755
--- a/autoconfig.functions
+++ b/autoconfig.functions
@@ -259,7 +259,7 @@ config_language(){
         if [ -r /usr/share/consolefonts/Uni3-Terminus16.psf.gz ] ; then
           CONSOLEFONT='Uni3-Terminus16'
         else
-          ewarn "/usr/share/consolefonts/Uni3-Terminus16.psf.gz not available. Please upgrade package console-terminus." ; eend 1
+          ewarn "/usr/share/consolefonts/Uni3-Terminus16.psf.gz not available. Please upgrade package console-setup-linux." ; eend 1
         fi
         if ! hasfb ; then
           CONSOLEFONT='Lat15-Terminus16'
@@ -543,33 +543,41 @@ config_kernel(){
 # }}}
 
 # {{{ secure boot
-config_secureboot(){
+# helper function to check whether we're running under (enabled) Secure Boot
+running_under_secureboot() {
   # systemd does this for us, but if we are not running under systemd then mokutil
   # doesn't work as needed as it relies on /sys/firmware/efi/efivars (while
   # /sys/firmware/efi/vars would exist)
   if ! $SYSTEMD ; then
-    if modprobe efivars &>/dev/null ; then
+    if modprobe efivarfs &>/dev/null ; then
       mount -t efivarfs efivarfs /sys/firmware/efi/efivars
     fi
   fi
 
-  if [ -x /usr/bin/mokutil ] ; then
-    local secstate=$(mokutil --sb-state 2>/dev/null) # "SecureBoot enabled"
-    if [ -n "$secstate" ] ; then
-      einfo "SecureBoot is enabled" ; eend 0
+  if [[ -x "$(command -v mokutil)" ]] ; then
+    if mokutil --sb-state 2>/dev/null | grep -q 'SecureBoot enabled' ; then
+      return 0
     else
-      einfo "SecureBoot not detected" ; eend 0
+      return 1
     fi
   else
-    if modprobe efivars &>/dev/null ; then
+    if modprobe efivarfs &>/dev/null ; then
       if od -An -t u1 /sys/firmware/efi/vars/SecureBoot-*/data 2>/dev/null | grep -q 1 ; then
-        einfo "SecureBoot is enabled" ; eend 0
+        return 0
       else
-        einfo "SecureBoot not detected" ; eend 0
+        return 1
       fi
     fi
   fi
 }
+
+config_secureboot(){
+  if running_under_secureboot ; then
+      einfo "SecureBoot is enabled" ; eend 0
+  else
+      einfo "SecureBoot not detected" ; eend 0
+  fi
+}
 # }}}
 
 # {{{ timezone
@@ -1634,7 +1642,7 @@ config_dmraid(){
   fi
 
   if ! [ -x /sbin/dmraid ] ; then
-    eerror "dmraid not available, can not execute it." ; eend 1
+    ewarn "dmraid not available, can not execute it." ; eend 1
     return
   fi
 
@@ -1950,16 +1958,23 @@ config_virtualbox_setup() {
     return
   fi
 
-  if [ -x /usr/bin/VBox ] ; then
-    einfo "VirtualBox service detected, trying to set up."
-    service_wrapper vboxdrv restart >>"${DEBUG}" 2>&1 ; eend $?
-
-    config_userfstab
+  if ! [ -x /usr/bin/VBox ] ; then
+    return
+  fi
 
-    einfo "Adding user ${fstabuser:-grml} to group vboxusers."
-    adduser "${fstabuser:-grml}" vboxusers >>"${DEBUG}" 2>&1
-    eend $?
+  if running_under_secureboot ; then
+    ewarn "VirtualBox service can not be started as running under enabled Secure Boot." ; eend 0
+    return
   fi
+
+  einfo "VirtualBox service detected, trying to set up."
+  service_wrapper vboxdrv restart >>"${DEBUG}" 2>&1 ; eend $?
+
+  config_userfstab
+
+  einfo "Adding user ${fstabuser:-grml} to group vboxusers."
+  adduser "${fstabuser:-grml}" vboxusers >>"${DEBUG}" 2>&1
+  eend $?
 }
 # }}}