Provide information about whether Secure Boot is enabled or not

diff --git a/autoconfig b/autoconfig
index 7f8e44a..5451bc2 100644 (file)
--- a/autoconfig
+++ b/autoconfig
@@ -75,6 +75,7 @@ CONFIG_NETSCRIPT='yes'        # download and run script/executable provided by b
 CONFIG_PARTCONF='yes'         # do we want partconf to work?
 CONFIG_PASSWD='yes'           # set password via bootparam passwd
 CONFIG_SCRIPTS='yes'          # execute scripts from the scripts option
 CONFIG_PARTCONF='yes'         # do we want partconf to work?
 CONFIG_PASSWD='yes'           # set password via bootparam passwd
 CONFIG_SCRIPTS='yes'          # execute scripts from the scripts option

+CONFIG_SECUREBOOT='yes'       # display information about secure boot

 CONFIG_SERVICES='yes'         # check for services to run, provided via bootparam
 CONFIG_STATS='yes'            # Report stats to stats server
 CONFIG_SSH='yes'              # check for bootparam ssh
 CONFIG_SERVICES='yes'         # check for services to run, provided via bootparam
 CONFIG_STATS='yes'            # Report stats to stats server
 CONFIG_SSH='yes'              # check for bootparam ssh

diff --git a/autoconfig.functions b/autoconfig.functions
index 1c5c46b..fa75044 100755 (executable)
--- a/autoconfig.functions
+++ b/autoconfig.functions
@@ -540,6 +540,27 @@ config_kernel(){
 }
 # }}}
 
 }
 # }}}
 

+# {{{ secure boot
+config_secureboot(){
+  if [ -x /usr/bin/mokutil ] ; then
+    local secstate=$(mokutil --sb-state 2>/dev/null) # "SecureBoot enabled"
+    if [ -n "$secstate" ] ; then
+      einfo "SecureBoot is enabled" ; eend 0
+    else
+      ewarn "SecureBoot not detected" ; eend 0
+    fi
+  else
+    if modprobe efivars &>/dev/null ; then
+      if od -An -t u1 /sys/firmware/efi/vars/SecureBoot-*/data 2>/dev/null | grep -q 1 ; then
+        einfo "SecureBoot is enabled" ; eend 0
+      else
+        ewarn "SecureBoot not detected" ; eend 0
+      fi
+    fi
+  fi
+}
+# }}}
+

 # {{{ timezone
 config_timezone(){
  # don't touch the files if running from harddisk:
 # {{{ timezone
 config_timezone(){
  # don't touch the files if running from harddisk:

diff --git a/grml-autoconfig b/grml-autoconfig
index 08c0ccc..47d0c7e 100755 (executable)
--- a/grml-autoconfig
+++ b/grml-autoconfig
@@ -90,6 +90,8 @@ checkvalue $CONFIG_TIME && config_time
 
 checkvalue $CONFIG_KERNEL &&  config_kernel
 
 
 checkvalue $CONFIG_KERNEL &&  config_kernel
 

+checkvalue $CONFIG_SECUREBOOT && config_secureboot
+

 checkvalue $CONFIG_TIMEZONE && config_timezone
 
 checkvalue $CONFIG_SWRAID && config_swraid
 checkvalue $CONFIG_TIMEZONE && config_timezone
 
 checkvalue $CONFIG_SWRAID && config_swraid