Hello community,
here is the log from the commit of package yast2-bootloader for
openSUSE:Leap:15.2 checked in at 2020-03-26 05:41:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/yast2-bootloader (Old)
and /work/SRC/openSUSE:Leap:15.2/.yast2-bootloader.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-bootloader"
Thu Mar 26 05:41:04 2020 rev:117 rq:787799 version:4.2.18
Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/yast2-bootloader/yast2-bootloader.changes
2020-03-13 10:55:19.788347179 +0100
+++
/work/SRC/openSUSE:Leap:15.2/.yast2-bootloader.new.3160/yast2-bootloader.changes
2020-03-26 05:41:05.747269978 +0100
@@ -1,0 +2,6 @@
+Tue Mar 24 08:10:33 UTC 2020 - Steffen Winterfeldt <[email protected]>
+
+- support s390 secure boot (jsc#SLE-9425, jsc#SLE-9471, bsc#1166736)
+- 4.2.18
+
+-------------------------------------------------------------------
Old:
----
yast2-bootloader-4.2.17.tar.bz2
New:
----
yast2-bootloader-4.2.18.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-bootloader.spec ++++++
--- /var/tmp/diff_new_pack.ZFvSXL/_old 2020-03-26 05:41:06.107270164 +0100
+++ /var/tmp/diff_new_pack.ZFvSXL/_new 2020-03-26 05:41:06.115270168 +0100
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.2.17
+Version: 4.2.18
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
++++++ yast2-bootloader-4.2.17.tar.bz2 -> yast2-bootloader-4.2.18.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.2.17/package/yast2-bootloader.changes
new/yast2-bootloader-4.2.18/package/yast2-bootloader.changes
--- old/yast2-bootloader-4.2.17/package/yast2-bootloader.changes
2020-02-28 15:32:22.000000000 +0100
+++ new/yast2-bootloader-4.2.18/package/yast2-bootloader.changes
2020-03-24 11:32:12.000000000 +0100
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Tue Mar 24 08:10:33 UTC 2020 - Steffen Winterfeldt <[email protected]>
+
+- support s390 secure boot (jsc#SLE-9425, jsc#SLE-9471, bsc#1166736)
+- 4.2.18
+
+-------------------------------------------------------------------
Fri Feb 28 14:23:30 UTC 2020 - Steffen Winterfeldt <[email protected]>
- add support for S390 secure boot (jsc#SLE-9471, jsc#SLE-9425)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.2.17/package/yast2-bootloader.spec
new/yast2-bootloader-4.2.18/package/yast2-bootloader.spec
--- old/yast2-bootloader-4.2.17/package/yast2-bootloader.spec 2020-02-28
15:32:22.000000000 +0100
+++ new/yast2-bootloader-4.2.18/package/yast2-bootloader.spec 2020-03-24
11:32:12.000000000 +0100
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.2.17
+Version: 4.2.18
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.2.17/src/lib/bootloader/grub2_widgets.rb
new/yast2-bootloader-4.2.18/src/lib/bootloader/grub2_widgets.rb
--- old/yast2-bootloader-4.2.17/src/lib/bootloader/grub2_widgets.rb
2020-02-28 15:32:22.000000000 +0100
+++ new/yast2-bootloader-4.2.18/src/lib/bootloader/grub2_widgets.rb
2020-03-24 11:32:12.000000000 +0100
@@ -328,7 +328,22 @@
end
def help
- _("<p><b>Enable Secure Boot Support</b> if checked enables Secure Boot
support.</p>")
+ if Yast::Arch.s390
+ _(
+ "<p><b>Enable Secure Boot Support</b> if checked enables Secure Boot
support.<br>" \
+ "This does not turn on secure booting. " \
+ "It only switches to the new secure-boot enabled boot data format. "
\
+ "Note that this new format works only on z15 or later. " \
+ "You cannot boot on z14 machines or older.</p>"
+ )
+ else
+ _(
+ "<p><b>Enable Secure Boot Support</b> if checked enables Secure Boot
support.<br>" \
+ "This does not turn on secure booting. " \
+ "It only sets up the boot loader in a way that supports secure
booting. " \
+ "You still have to enable Secure Boot in the UEFI Firmware.</p> "
+ )
+ end
end
def init
@@ -342,12 +357,13 @@
def validate
return true if Yast::Mode.config ||
!Yast::Arch.s390 ||
+ !value ||
value == Systeminfo.secure_boot_active?
Yast::Popup.ContinueCancel(
_(
- "Make sure the Secure Boot setting matches the configuration of the
HMC.\n\n" \
- "Otherwise this system will not boot."
+ "The new secure-boot enabled boot data format works only on z15 and
later.\n\n" \
+ "Older machines will not boot."
)
)
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.2.17/src/lib/bootloader/proposal_client.rb
new/yast2-bootloader-4.2.18/src/lib/bootloader/proposal_client.rb
--- old/yast2-bootloader-4.2.17/src/lib/bootloader/proposal_client.rb
2020-02-28 15:32:22.000000000 +0100
+++ new/yast2-bootloader-4.2.18/src/lib/bootloader/proposal_client.rb
2020-03-24 11:32:12.000000000 +0100
@@ -361,8 +361,8 @@
if value && Yast::Arch.s390
Yast2::Popup.show(
_(
- "Make sure to also enable Secure Boot in the HMC.\n\n" \
- "Otherwise this system will not boot."
+ "The new secure-boot enabled boot data format works only on z15
and later.\n\n" \
+ "Older machines will not boot."
),
headline: :warning, buttons: :ok
)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.2.17/src/lib/bootloader/systeminfo.rb
new/yast2-bootloader-4.2.18/src/lib/bootloader/systeminfo.rb
--- old/yast2-bootloader-4.2.17/src/lib/bootloader/systeminfo.rb
2020-02-28 15:32:22.000000000 +0100
+++ new/yast2-bootloader-4.2.18/src/lib/bootloader/systeminfo.rb
2020-03-24 11:32:12.000000000 +0100
@@ -16,7 +16,7 @@
#
# @return [Boolean] true if secure boot is currently active
def secure_boot_active?
- (efi_supported? && Sysconfig.from_system.secure_boot) ||
s390_secure_boot_active?
+ (efi_supported? || s390_secure_boot_supported?) &&
Sysconfig.from_system.secure_boot
end
# Check if secure boot is in principle supported.
@@ -91,8 +91,10 @@
#
# @return [Boolean] true if this is an s390 machine and it has secure
boot support
def s390_secure_boot_supported?
- # FIXME: this is just a stub - replace with real code later
- Yast::Arch.s390
+ # see jsc#SLE-9425
+ File.read("/sys/firmware/ipl/has_secure", 1) == "1"
+ rescue StandardError
+ false
end
# Check if secure boot is currently active on an s390 machine.
@@ -101,7 +103,9 @@
#
# @return [Boolean] true if 390x machine has secure boot enabled
def s390_secure_boot_active?
- # FIXME: this is just a stub - replace with real code later
+ # see jsc#SLE-9425
+ File.read("/sys/firmware/ipl/secure", 1) == "1"
+ rescue StandardError
false
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.2.17/test/systeminfo_test.rb
new/yast2-bootloader-4.2.18/test/systeminfo_test.rb
--- old/yast2-bootloader-4.2.17/test/systeminfo_test.rb 2020-02-28
15:32:22.000000000 +0100
+++ new/yast2-bootloader-4.2.18/test/systeminfo_test.rb 2020-03-24
11:32:12.000000000 +0100
@@ -68,9 +68,10 @@
end
end
- context "and arch is s390x" do
+ context "and has_secure is 1 on arch s390x " do
let(:arch) { "s390_64" }
it "returns true" do
+ allow(File).to receive(:read).with("/sys/firmware/ipl/has_secure",
1).and_return("1")
expect(described_class.secure_boot_available?("grub2")).to be true
end
end
@@ -287,8 +288,18 @@
context "if arch is s390x" do
let(:arch) { "s390_64" }
- it "returns true" do
- expect(described_class.s390_secure_boot_supported?).to be true
+ context "and has_secure is 1" do
+ it "returns true" do
+ allow(File).to receive(:read).with("/sys/firmware/ipl/has_secure",
1).and_return("1")
+ expect(described_class.s390_secure_boot_supported?).to be true
+ end
+ end
+
+ context "and has_secure is 0" do
+ it "returns false" do
+ allow(File).to receive(:read).with("/sys/firmware/ipl/has_secure",
1).and_return("0")
+ expect(described_class.s390_secure_boot_supported?).to be false
+ end
end
end
