Hello community, here is the log from the commit of package tboot for openSUSE:Factory checked in at 2020-11-12 22:48:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tboot (Old) and /work/SRC/openSUSE:Factory/.tboot.new.24930 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tboot" Thu Nov 12 22:48:31 2020 rev:43 rq:848115 version:20200429_1.9.12 Changes: -------- --- /work/SRC/openSUSE:Factory/tboot/tboot.changes 2020-09-29 19:02:29.309823422 +0200 +++ /work/SRC/openSUSE:Factory/.tboot.new.24930/tboot.changes 2020-11-12 22:50:04.178810581 +0100 @@ -1,0 +2,8 @@ +Thu Nov 12 12:19:51 UTC 2020 - Matthias Gerstner <[email protected]> + +- add tboot-grub2-refuse-secure-boot.patch: don't generate tboot menu entries + in grub when the system is running with UEFI Secure Boot (bsc#1175114). This + prevents hard to understand error messages when trying to boot tboot in this + context. + +------------------------------------------------------------------- New: ---- tboot-grub2-refuse-secure-boot.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tboot.spec ++++++ --- /var/tmp/diff_new_pack.ZCUJE8/_old 2020-11-12 22:50:04.858811290 +0100 +++ /var/tmp/diff_new_pack.ZCUJE8/_new 2020-11-12 22:50:04.862811294 +0100 @@ -28,6 +28,7 @@ Patch3: tboot-grub2-fix-menu-in-xen-host-server.patch Patch4: tboot-grub2-fix-xen-submenu-name.patch Patch7: tboot-distributor.patch +Patch8: tboot-grub2-refuse-secure-boot.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: %{ix86} x86_64 BuildRequires: openssl-devel @@ -54,6 +55,7 @@ %patch3 -p1 %patch4 -p1 %patch7 -p1 +%patch8 -p1 %build # Tumbleweed now uses -flto=3 by default which gives us trouble with the ++++++ tboot-grub2-refuse-secure-boot.patch ++++++ Index: tboot-1.9.12/tboot/20_linux_tboot =================================================================== --- tboot-1.9.12.orig/tboot/20_linux_tboot +++ tboot-1.9.12/tboot/20_linux_tboot @@ -34,6 +34,28 @@ if test -e ${sysconfdir}/default/grub-tb . ${sysconfdir}/default/grub-tboot fi +secureBootActive() +{ + for secboot_var in /sys/firmware/efi/efivars/SecureBoot-*; do + [ ! -e "$secboot_var" ] && continue + + # this variable contains a '1' byte at the end if secure boot is enabled + local secboot_byte=`od --address-radix=n --format=u1 "$secboot_var" | tr -d ' \n' | tail -c 1` + + [ "$secboot_byte" = "1" ] && return 0 + done + + return 1 +} + +if secureBootActive; then + cat >&2 << EOF +Not generating tboot menu entries, because UEFI Secure Boot is active. +tboot is not compatible with UEFI Secure Boot. +EOF + exit 0 +fi + # Set the following variables in /etc/default/grub-tboot to customize command lines # (empty values are treated as if the variables were unset). [ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT Index: tboot-1.9.12/tboot/20_linux_xen_tboot =================================================================== --- tboot-1.9.12.orig/tboot/20_linux_xen_tboot +++ tboot-1.9.12/tboot/20_linux_xen_tboot @@ -34,6 +34,28 @@ if test -e ${sysconfdir}/default/grub-tb . ${sysconfdir}/default/grub-tboot fi +secureBootActive() +{ + for secboot_var in /sys/firmware/efi/efivars/SecureBoot-*; do + [ ! -e "$secboot_var" ] && continue + + # this variable contains a '1' byte at the end if secure boot is enabled + local secboot_byte=`od --address-radix=n --format=u1 "$secboot_var" | tr -d ' \n' | tail -c 1` + + [ "$secboot_byte" = "1" ] && return 0 + done + + return 1 +} + +if secureBootActive; then + cat >&2 << EOF +Not generating tboot menu entries, because UEFI Secure Boot is active. +tboot is not compatible with UEFI Secure Boot. +EOF + exit 0 +fi + # Set the following variables in /etc/default/grub-tboot to customize command lines # (empty values are treated as if the variables were unset). [ -z "${GRUB_CMDLINE_TBOOT}" ] && unset GRUB_CMDLINE_TBOOT _______________________________________________ openSUSE Commits mailing list -- [email protected] To unsubscribe, email [email protected] List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette List Archives: https://lists.opensuse.org/archives/list/[email protected]
