Hello community,
here is the log from the commit of package yast2-bootloader for
openSUSE:Factory checked in at 2020-10-18 16:24:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/yast2-bootloader (Old)
and /work/SRC/openSUSE:Factory/.yast2-bootloader.new.3486 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-bootloader"
Sun Oct 18 16:24:13 2020 rev:296 rq:842115 version:4.3.12
Changes:
--------
--- /work/SRC/openSUSE:Factory/yast2-bootloader/yast2-bootloader.changes
2020-09-18 14:28:43.111309587 +0200
+++
/work/SRC/openSUSE:Factory/.yast2-bootloader.new.3486/yast2-bootloader.changes
2020-10-18 16:24:49.352581654 +0200
@@ -1,0 +2,20 @@
+Thu Oct 8 18:05:29 UTC 2020 - Josef Reidinger <[email protected]>
+
+- Fix definition of initrd_module in AutoYaST schema (bsc#1177058)
+- 4.3.12
+
+-------------------------------------------------------------------
+Tue Sep 29 13:05:19 UTC 2020 - Imobach Gonzalez Sosa <[email protected]>
+
+- Drop the 'suse_btrfs' element from the AutoYaST schema
+ (bsc#1176970).
+- 4.3.11
+
+-------------------------------------------------------------------
+Wed Sep 23 12:01:59 UTC 2020 - Michal Suchanek <[email protected]>
+
+- Add UPDATE_NVRAM in /etc/sysconfig/bootloader (bsc#1157550,
+ jsc#SLE-11500).
+- 4.3.10
+
+-------------------------------------------------------------------
Old:
----
yast2-bootloader-4.3.9.tar.bz2
New:
----
yast2-bootloader-4.3.12.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-bootloader.spec ++++++
--- /var/tmp/diff_new_pack.EC7jKK/_old 2020-10-18 16:24:51.028582400 +0200
+++ /var/tmp/diff_new_pack.EC7jKK/_new 2020-10-18 16:24:51.032582402 +0200
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.3.9
+Version: 4.3.12
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
++++++ yast2-bootloader-4.3.9.tar.bz2 -> yast2-bootloader-4.3.12.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/package/yast2-bootloader.changes
new/yast2-bootloader-4.3.12/package/yast2-bootloader.changes
--- old/yast2-bootloader-4.3.9/package/yast2-bootloader.changes 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/package/yast2-bootloader.changes
2020-10-16 15:46:31.000000000 +0200
@@ -1,4 +1,24 @@
-------------------------------------------------------------------
+Thu Oct 8 18:05:29 UTC 2020 - Josef Reidinger <[email protected]>
+
+- Fix definition of initrd_module in AutoYaST schema (bsc#1177058)
+- 4.3.12
+
+-------------------------------------------------------------------
+Tue Sep 29 13:05:19 UTC 2020 - Imobach Gonzalez Sosa <[email protected]>
+
+- Drop the 'suse_btrfs' element from the AutoYaST schema
+ (bsc#1176970).
+- 4.3.11
+
+-------------------------------------------------------------------
+Wed Sep 23 12:01:59 UTC 2020 - Michal Suchanek <[email protected]>
+
+- Add UPDATE_NVRAM in /etc/sysconfig/bootloader (bsc#1157550,
+ jsc#SLE-11500).
+- 4.3.10
+
+-------------------------------------------------------------------
Mon Sep 14 12:07:31 UTC 2020 - Josef Reidinger <[email protected]>
- merge SLE15 SP2 changes:
-- fix detection of present of efivars causing grub2-install
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.3.9/package/yast2-bootloader.spec
new/yast2-bootloader-4.3.12/package/yast2-bootloader.spec
--- old/yast2-bootloader-4.3.9/package/yast2-bootloader.spec 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/package/yast2-bootloader.spec 2020-10-16
15:46:31.000000000 +0200
@@ -17,7 +17,7 @@
Name: yast2-bootloader
-Version: 4.3.9
+Version: 4.3.12
Release: 0
Summary: YaST2 - Bootloader Configuration
License: GPL-2.0-or-later
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/src/autoyast-rnc/bootloader.rnc
new/yast2-bootloader-4.3.12/src/autoyast-rnc/bootloader.rnc
--- old/yast2-bootloader-4.3.9/src/autoyast-rnc/bootloader.rnc 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/src/autoyast-rnc/bootloader.rnc 2020-10-16
15:46:31.000000000 +0200
@@ -43,7 +43,10 @@
LIST,
initrd_module+
}
-initrd_module = element initrd_module { bl_module, module_args? }
+initrd_module = element initrd_module {
+ MAP,
+ (bl_module, module_args?)
+}
module_args = element module_args { STRING }
bl_module = element module { STRING }
loader_device = element loader_device { STRING }
@@ -64,8 +67,8 @@
element failsafe_disabled { STRING_BOOL }? &
element hiddenmenu { STRING_BOOL }? &
element os_prober { STRING_BOOL }? &
- element suse_btrfs { STRING_BOOL }? &
element secure_boot { STRING_BOOL }? &
+ element update_nvram { STRING_BOOL }? &
element xen_append { STRING }? &
element xen_kernel_append { STRING }? &
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/src/lib/bootloader/autoinst_profile/global_section.rb
new/yast2-bootloader-4.3.12/src/lib/bootloader/autoinst_profile/global_section.rb
---
old/yast2-bootloader-4.3.9/src/lib/bootloader/autoinst_profile/global_section.rb
2020-09-14 08:39:11.000000000 +0200
+++
new/yast2-bootloader-4.3.12/src/lib/bootloader/autoinst_profile/global_section.rb
2020-10-16 15:46:31.000000000 +0200
@@ -45,6 +45,7 @@
{ name: :timeout },
{ name: :trusted_boot },
{ name: :trusted_grub },
+ { name: :update_nvram },
{ name: :vgamode },
{ name: :xen_append },
{ name: :xen_kernel_append }
@@ -111,6 +112,10 @@
# @return [String,nil] use Trusted GRUB (only for `grub2` loader
type). Valid values
# are "true" and "false".
+ # @!attribute update_nvram
+ # @return [String,nil] Update NVRAM with entry for the installed
bootloader. Valid values
+ # are "true" and "false".
+
# @!attribute vgamode
# @return [String,nil] `vga` kernel parameter (e.g., "0x317").
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/src/lib/bootloader/autoyast_converter.rb
new/yast2-bootloader-4.3.12/src/lib/bootloader/autoyast_converter.rb
--- old/yast2-bootloader-4.3.9/src/lib/bootloader/autoyast_converter.rb
2020-09-14 08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/src/lib/bootloader/autoyast_converter.rb
2020-10-16 15:46:31.000000000 +0200
@@ -222,7 +222,8 @@
# only for grub2, not for others
GRUB2EFI_BOOLEAN_MAPPING = {
- "secure_boot" => :secure_boot
+ "secure_boot" => :secure_boot,
+ "update_nvram" => :update_nvram
}.freeze
private_constant :GRUB2EFI_BOOLEAN_MAPPING
def export_grub2efi(res, bootloader)
@@ -235,7 +236,8 @@
# only for grub2, not for others
GRUB2_BOOLEAN_MAPPING = {
"secure_boot" => :secure_boot,
- "trusted_grub" => :trusted_boot
+ "trusted_grub" => :trusted_boot,
+ "update_nvram" => :update_nvram
}.freeze
private_constant :GRUB2_BOOLEAN_MAPPING
def export_grub2(res, bootloader)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.3.9/src/lib/bootloader/grub2.rb
new/yast2-bootloader-4.3.12/src/lib/bootloader/grub2.rb
--- old/yast2-bootloader-4.3.9/src/lib/bootloader/grub2.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/src/lib/bootloader/grub2.rb 2020-10-16
15:46:31.000000000 +0200
@@ -66,7 +66,8 @@
# powernv must not call grub2-install (bnc#970582)
unless Yast::Arch.board_powernv
failed = @grub_install.execute(
- devices: stage1.devices, secure_boot: secure_boot, trusted_boot:
trusted_boot
+ devices: stage1.devices, secure_boot: secure_boot, trusted_boot:
trusted_boot,
+ update_nvram: update_nvram
)
failed.each { |f| stage1.remove_device(f) }
stage1.write
@@ -105,8 +106,7 @@
)
]
- result << secure_boot_summary if Systeminfo.secure_boot_available?(name)
- result << trusted_boot_summary if
Systeminfo.trusted_boot_available?(name)
+ result.concat(boot_flags_summary)
locations_val = locations
if !locations_val.empty?
@@ -145,7 +145,8 @@
# overwrite BootloaderBase version to save trusted boot
def write_sysconfig(prewrite: false)
sysconfig = Bootloader::Sysconfig.new(
- bootloader: name, secure_boot: secure_boot, trusted_boot: trusted_boot
+ bootloader: name, secure_boot: secure_boot, trusted_boot: trusted_boot,
+ update_nvram: update_nvram
)
prewrite ? sysconfig.pre_write : sysconfig.write
end
@@ -256,5 +257,15 @@
# TRANSLATORS: title for list of location proposals
_("Change Location: %s") % line
end
+
+ # summary for various boot flags
+ def boot_flags_summary
+ result = []
+ result << secure_boot_summary if Systeminfo.secure_boot_available?(name)
+ result << trusted_boot_summary if
Systeminfo.trusted_boot_available?(name)
+ result << update_nvram_summary if Systeminfo.nvram_available?(name)
+
+ result
+ end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/src/lib/bootloader/grub2_widgets.rb
new/yast2-bootloader-4.3.12/src/lib/bootloader/grub2_widgets.rb
--- old/yast2-bootloader-4.3.9/src/lib/bootloader/grub2_widgets.rb
2020-09-14 08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/src/lib/bootloader/grub2_widgets.rb
2020-10-16 15:46:31.000000000 +0200
@@ -423,6 +423,35 @@
end
end
+ # Represents switcher for NVRAM update
+ class UpdateNvramWidget < CWM::CheckBox
+ include Grub2Widget
+
+ def initialize
+ textdomain "bootloader"
+ end
+
+ def label
+ _("Update &NVRAM Entry")
+ end
+
+ def help
+ res = _("<p><b>Update NVRAM Entry</b> will add nvram entry for the
bootloader\n" \
+ "in the firmware.\n" \
+ "This is usually desirable unless you want to preserve specific
settings\n" \
+ "or need to work around firmware issues.</p>\n")
+ res
+ end
+
+ def init
+ self.value = grub2.update_nvram
+ end
+
+ def store
+ grub2.update_nvram = value
+ end
+ end
+
# Represents grub password protection widget
class GrubPasswordWidget < CWM::CustomWidget
include Grub2Widget
@@ -979,6 +1008,7 @@
w << SecureBootWidget.new if secure_boot_widget?
w << TrustedBootWidget.new if trusted_boot_widget?
+ w << UpdateNvramWidget.new if update_nvram_widget?
w.map do |widget|
MarginBox(horizontal_margin, 0, Left(widget))
@@ -1017,6 +1047,10 @@
Systeminfo.trusted_boot_available?(grub2.name)
end
+ def update_nvram_widget?
+ Systeminfo.nvram_available?(grub2.name)
+ end
+
def pmbr_widget?
(Yast::Arch.x86_64 || Yast::Arch.i386) &&
Yast::BootStorage.gpt_boot_disk?
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/src/lib/bootloader/grub2base.rb
new/yast2-bootloader-4.3.12/src/lib/bootloader/grub2base.rb
--- old/yast2-bootloader-4.3.9/src/lib/bootloader/grub2base.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/src/lib/bootloader/grub2base.rb 2020-10-16
15:46:31.000000000 +0200
@@ -53,6 +53,10 @@
# @return [Boolean] current secure boot setting
attr_accessor :secure_boot
+ # @!attribute update_nvram
+ # @return [Boolean] current update nvram setting
+ attr_accessor :update_nvram
+
# @!attribute console
# @return [::Bootloader::SerialConsole] serial console or nil if none
attr_reader :console
@@ -70,6 +74,7 @@
@sections = ::Bootloader::Sections.new
@pmbr_action = :nothing
@explicit_cpu_mitigations = false
+ @update_nvram = true
end
# general functions
@@ -125,6 +130,7 @@
self.trusted_boot = Systeminfo.trusted_boot_active?
self.secure_boot = Systeminfo.secure_boot_active?
+ self.update_nvram = Systeminfo.update_nvram_active?
end
def write
@@ -162,6 +168,7 @@
self.trusted_boot = false
self.secure_boot = Systeminfo.secure_boot_active?
+ self.update_nvram = true
end
def merge(other)
@@ -174,6 +181,7 @@
self.trusted_boot = other.trusted_boot unless other.trusted_boot.nil?
self.secure_boot = other.secure_boot unless other.secure_boot.nil?
+ self.update_nvram = other.update_nvram unless other.update_nvram.nil?
end
def enable_serial_console(console_arg_string)
@@ -400,6 +408,18 @@
"<a href=\"enable_trusted_boot\">(" + _("enable") + ")</a>"
end
end
+
+ # Update nvram shown in summary screen
+ #
+ # @return [String]
+ def update_nvram_summary
+ _("Update NVRAM:") + " " + (update_nvram ? _("enabled") : _("disabled"))
+ " " +
+ if update_nvram
+ "<a href=\"disable_update_nvram\">(" + _("disable") + ")</a>"
+ else
+ "<a href=\"enable_update_nvram\">(" + _("enable") + ")</a>"
+ end
+ end
end
# rubocop:enable Metrics/ClassLength
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/src/lib/bootloader/grub2efi.rb
new/yast2-bootloader-4.3.12/src/lib/bootloader/grub2efi.rb
--- old/yast2-bootloader-4.3.9/src/lib/bootloader/grub2efi.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/src/lib/bootloader/grub2efi.rb 2020-10-16
15:46:31.000000000 +0200
@@ -47,7 +47,8 @@
pmbr_setup(*disks.map(&:name))
end
- @grub_install.execute(secure_boot: secure_boot, trusted_boot:
trusted_boot)
+ @grub_install.execute(secure_boot: secure_boot, trusted_boot:
trusted_boot,
+ update_nvram: update_nvram)
true
end
@@ -77,6 +78,7 @@
result << secure_boot_summary if Systeminfo.secure_boot_available?(name)
result << trusted_boot_summary if
Systeminfo.trusted_boot_available?(name)
+ result << update_nvram_summary if Systeminfo.nvram_available?(name)
result
end
@@ -108,7 +110,7 @@
# overwrite BootloaderBase version to save secure boot
def write_sysconfig(prewrite: false)
sysconfig = Bootloader::Sysconfig.new(bootloader: name,
- secure_boot: secure_boot, trusted_boot: trusted_boot)
+ secure_boot: secure_boot, trusted_boot: trusted_boot, update_nvram:
true)
prewrite ? sysconfig.pre_write : sysconfig.write
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/src/lib/bootloader/grub_install.rb
new/yast2-bootloader-4.3.12/src/lib/bootloader/grub_install.rb
--- old/yast2-bootloader-4.3.9/src/lib/bootloader/grub_install.rb
2020-09-14 08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/src/lib/bootloader/grub_install.rb
2020-10-16 15:46:31.000000000 +0200
@@ -25,8 +25,9 @@
# Ignored when grub2 does not need device.
# @param secure_boot [Boolean] if secure boot variant should be used
# @param trusted_boot [Boolean] if trusted boot variant should be used
+ # @param update_nvram [Boolean] if bootloader entry should be added to
nvram
# @return [Array<String>] list of devices for which install failed
- def execute(devices: [], secure_boot: false, trusted_boot: false)
+ def execute(devices: [], secure_boot: false, trusted_boot: false,
update_nvram: true)
if secure_boot && !Systeminfo.secure_boot_available?(@grub2_name)
# There might be some secure boot setting left over when the
# bootloader had been switched.
@@ -35,14 +36,13 @@
log.warn "Ignoring secure boot setting on this machine"
end
- cmd = basic_cmd(secure_boot, trusted_boot)
+ cmd = basic_cmd(secure_boot, trusted_boot, update_nvram)
if no_device_install?
Yast::Execute.on_target(cmd)
# workaround for arm on SLE15 SP2 (bsc#1167015)
# run grub2-install also non-removable if efi is there
if Yast::Arch.aarch64 &&
!Dir.glob("/sys/firmware/efi/efivars/*").empty?
- cmd.delete("--no-nvram")
cmd.delete("--removable")
Yast::Execute.on_target(cmd)
end
@@ -85,7 +85,7 @@
# creates basic command for grub2 install without specifying any stage1
# locations
- def basic_cmd(secure_boot, trusted_boot)
+ def basic_cmd(secure_boot, trusted_boot, update_nvram)
if Systeminfo.shim_needed?(@grub2_name, secure_boot)
cmd = ["/usr/sbin/shim-install", "--config-file=/boot/grub2/grub.cfg"]
else
@@ -101,7 +101,8 @@
cmd << (efi ? "--suse-enable-tpm" :
"--directory=/usr/lib/trustedgrub2/#{target}")
end
- cmd << "--no-nvram" << "--removable" if removable_efi?
+ cmd << "--removable" if removable_efi?
+ cmd << "--no-nvram" if !update_nvram
cmd
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/src/lib/bootloader/sysconfig.rb
new/yast2-bootloader-4.3.12/src/lib/bootloader/sysconfig.rb
--- old/yast2-bootloader-4.3.9/src/lib/bootloader/sysconfig.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/src/lib/bootloader/sysconfig.rb 2020-10-16
15:46:31.000000000 +0200
@@ -13,7 +13,8 @@
ATTR_VALUE_MAPPING = {
bootloader: "LOADER_TYPE",
secure_boot: "SECURE_BOOT",
- trusted_boot: "TRUSTED_BOOT"
+ trusted_boot: "TRUSTED_BOOT",
+ update_nvram: "UPDATE_NVRAM"
}.freeze
# specifies bootloader in sysconfig
@@ -22,12 +23,15 @@
attr_accessor :secure_boot
# @return [Boolean] if trusted boot should be used
attr_accessor :trusted_boot
+ # @return [Boolean] if nvram should be updated
+ attr_accessor :update_nvram
- def initialize(bootloader: nil, secure_boot: false, trusted_boot: false)
+ def initialize(bootloader: nil, secure_boot: false, trusted_boot: false,
update_nvram: true)
@sys_agent = AGENT_PATH
@bootloader = bootloader
@secure_boot = secure_boot
@trusted_boot = trusted_boot
+ @update_nvram = update_nvram
end
def self.from_system
@@ -38,7 +42,10 @@
trusted_boot = Yast::SCR.Read(AGENT_PATH + "TRUSTED_BOOT") == "yes"
- new(bootloader: bootloader, secure_boot: secure_boot, trusted_boot:
trusted_boot)
+ update_nvram = Yast::SCR.Read(AGENT_PATH + "UPDATE_NVRAM") != "no"
+
+ new(bootloader: bootloader, secure_boot: secure_boot, trusted_boot:
trusted_boot,
+ update_nvram: update_nvram)
end
# Specialized write before rpm install, that do not have switched SCR
@@ -82,6 +89,16 @@
"#\n" \
"# Enable Trusted Boot support\n" \
"# Only available on hardware with a Trusted Platform Module.\n" \
+ "#\n",
+
+ update_nvram: "\n" \
+ "## Path:\tSystem/Bootloader\n" \
+ "## Description:\tBootloader configuration\n" \
+ "## Type:\tyesno\n" \
+ "## Default:\t\"yes\"\n" \
+ "#\n" \
+ "# Update nvram boot settings (UEFI, OF)\n" \
+ "# Unset to preserve specific settings or workaround firmware
issues.\n" \
"#\n"
}.freeze
@@ -96,6 +113,9 @@
tb = trusted_boot ? "yes" : "no"
write_option(:trusted_boot, tb)
+ un = update_nvram ? "yes" : "no"
+ write_option(:update_nvram, un)
+
# flush write
Yast::SCR.Write(sys_agent, nil)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/src/lib/bootloader/systeminfo.rb
new/yast2-bootloader-4.3.12/src/lib/bootloader/systeminfo.rb
--- old/yast2-bootloader-4.3.9/src/lib/bootloader/systeminfo.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/src/lib/bootloader/systeminfo.rb
2020-10-16 15:46:31.000000000 +0200
@@ -45,6 +45,15 @@
Sysconfig.from_system.trusted_boot
end
+ # Check if the system is expected to have nvram - ie.
update_nvram_active? makes a difference
+ def nvram_available?(bootloader_name = nil)
+ (bootloader_name ? efi_used?(bootloader_name) : efi_supported?) ||
Yast::Arch.ppc
+ end
+
+ def update_nvram_active?
+ Sysconfig.from_system.update_nvram
+ end
+
# Check if trusted boot is configurable with a bootloader.
#
# param bootloader_name [String] bootloader name
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/yast2-bootloader-4.3.9/test/autoyast_converter_test.rb
new/yast2-bootloader-4.3.12/test/autoyast_converter_test.rb
--- old/yast2-bootloader-4.3.9/test/autoyast_converter_test.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/test/autoyast_converter_test.rb 2020-10-16
15:46:31.000000000 +0200
@@ -56,6 +56,7 @@
"activate" => "true",
"generic_mbr" => "false",
"trusted_grub" => "true",
+ "update_nvram" => "true",
"boot_boot" => "true"
}
@@ -71,6 +72,7 @@
expect(bootloader.stage1).to be_activate
expect(bootloader.stage1.boot_partition?).to eq true
expect(bootloader.trusted_boot).to eq true
+ expect(bootloader.update_nvram).to eq true
end
it "imports device map for grub2 on intel architecture" do
@@ -129,6 +131,7 @@
"hiddenmenu" => "true",
"timeout" => 10,
"trusted_grub" => "true",
+ "update_nvram" => "true",
"cpu_mitigations" => "manual"
}
@@ -142,6 +145,10 @@
bootloader.secure_boot = true
expect(subject.export(bootloader)["global"]["secure_boot"]).to eq
"true"
end
+ it "exports update nvram key" do
+ bootloader.update_nvram = false
+ expect(subject.export(bootloader)["global"]["update_nvram"]).to eq
"false"
+ end
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.3.9/test/grub2_efi_test.rb
new/yast2-bootloader-4.3.12/test/grub2_efi_test.rb
--- old/yast2-bootloader-4.3.9/test/grub2_efi_test.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/test/grub2_efi_test.rb 2020-10-16
15:46:31.000000000 +0200
@@ -21,13 +21,15 @@
end
describe "#read" do
- it "reads secure boot configuration from sysconfig" do
- sysconfig = double(Bootloader::Sysconfig, secure_boot: true,
trusted_boot: true)
+ it "reads bootloader flags from sysconfig" do
+ sysconfig = double(Bootloader::Sysconfig, secure_boot: true,
trusted_boot: true, update_nvram: true)
expect(Bootloader::Sysconfig).to
receive(:from_system).and_return(sysconfig).at_least(:once)
subject.read
expect(subject.secure_boot).to eq true
+ expect(subject.trusted_boot).to eq true
+ expect(subject.update_nvram).to eq true
end
end
@@ -41,15 +43,16 @@
subject.write
end
- it "calls grub2-install with respective secure boot and trusted boot
configuration" do
+ it "calls grub2-install with respective boot flags configuration" do
# This test fails (only!) in Travis with
# Failure/Error: subject.write Storage::Exception: Storage::Exception
grub_install = double(Bootloader::GrubInstall)
- expect(grub_install).to receive(:execute).with(secure_boot: true,
trusted_boot: true)
+ expect(grub_install).to receive(:execute).with(secure_boot: true,
trusted_boot: true, update_nvram: false)
allow(Bootloader::GrubInstall).to receive(:new).and_return(grub_install)
subject.secure_boot = true
subject.trusted_boot = true
+ subject.update_nvram = false
subject.write
end
@@ -64,16 +67,17 @@
allow(Yast::PackageSystem).to receive(:InstallAll).and_return(true)
end
- it "writes secure boot and trusted boot configuration to bootloader
sysconfig" do
+ it "writes boot flags configuration to bootloader sysconfig" do
# This test fails (only!) in Travis with
# Failure/Error: subject.write Storage::Exception: Storage::Exception
expect(Bootloader::Sysconfig).to receive(:new)
- .with(bootloader: "grub2-efi", secure_boot: true, trusted_boot: true)
+ .with(bootloader: "grub2-efi", secure_boot: true, trusted_boot: true,
update_nvram: true)
.and_return(sysconfig)
expect(sysconfig).to receive(:write)
subject.secure_boot = true
subject.trusted_boot = true
+ subject.update_nvram = true
subject.prepare
end
@@ -86,6 +90,12 @@
expect(subject.pmbr_action).to eq :remove
end
+ it "proposes to update nvram" do
+ subject.propose
+
+ expect(subject.update_nvram).to eq true
+ end
+
it "proposes to use secure boot for x86_64" do
allow(Yast::Arch).to receive(:architecture).and_return("x86_64")
subject.propose
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.3.9/test/grub2_test.rb
new/yast2-bootloader-4.3.12/test/grub2_test.rb
--- old/yast2-bootloader-4.3.9/test/grub2_test.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/test/grub2_test.rb 2020-10-16
15:46:31.000000000 +0200
@@ -81,7 +81,7 @@
grub2_install = double(Bootloader::GrubInstall)
expect(grub2_install).to receive(:execute)
- .with(devices: ["/dev/sda", "/dev/sdb1"], secure_boot: nil,
trusted_boot: false).and_return([])
+ .with(devices: ["/dev/sda", "/dev/sdb1"], secure_boot: nil,
trusted_boot: false, update_nvram: true).and_return([])
expect(Bootloader::GrubInstall).to receive(:new).with(efi:
false).and_return(grub2_install)
subject.trusted_boot = false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.3.9/test/grub2_widgets_test.rb
new/yast2-bootloader-4.3.12/test/grub2_widgets_test.rb
--- old/yast2-bootloader-4.3.9/test/grub2_widgets_test.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/test/grub2_widgets_test.rb 2020-10-16
15:46:31.000000000 +0200
@@ -253,6 +253,43 @@
end
end
+describe Bootloader::UpdateNvramWidget do
+ before do
+ assign_bootloader("grub2-efi")
+ end
+
+ it_behaves_like "labeled widget"
+
+ it "is initialized to update nvram flag" do
+ bootloader.update_nvram = false
+ expect(subject).to receive(:value=).with(false)
+
+ subject.init
+ end
+
+ it "stores update nvram flag" do
+ expect(subject).to receive(:value).and_return(true)
+ subject.store
+
+ expect(bootloader.update_nvram).to eq true
+ end
+
+ it "is initialized to update nvram flag" do
+ bootloader.update_nvram = true
+ expect(subject).to receive(:value=).with(true)
+
+ subject.init
+ end
+
+ it "stores update nvram flag" do
+ expect(subject).to receive(:value).and_return(false)
+ subject.store
+
+ expect(bootloader.update_nvram).to eq false
+ end
+
+end
+
describe Bootloader::TrustedBootWidget do
include_examples "CWM::AbstractWidget"
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.3.9/test/grub2base_test.rb
new/yast2-bootloader-4.3.12/test/grub2base_test.rb
--- old/yast2-bootloader-4.3.9/test/grub2base_test.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/test/grub2base_test.rb 2020-10-16
15:46:31.000000000 +0200
@@ -59,6 +59,22 @@
expect(subject.trusted_boot).to eq false
end
+ it "reads update nvram configuration from sysconfig" do
+ mocked_sysconfig = ::Bootloader::Sysconfig.new(update_nvram: true)
+ allow(::Bootloader::Sysconfig).to
receive(:from_system).and_return(mocked_sysconfig)
+
+ subject.read
+
+ expect(subject.update_nvram).to eq true
+
+ mocked_sysconfig = ::Bootloader::Sysconfig.new(update_nvram: false)
+ allow(::Bootloader::Sysconfig).to
receive(:from_system).and_return(mocked_sysconfig)
+
+ subject.read
+
+ expect(subject.update_nvram).to eq false
+ end
+
it "raises BrokenConfiguration if /etc/default/grub missing" do
default = double
allow(default).to receive(:load).and_raise(Errno::ENOENT)
@@ -407,6 +423,12 @@
expect(subject.trusted_boot).to eq false
end
+ it "proposes to update nvram" do
+ subject.propose
+
+ expect(subject.update_nvram).to eq true
+ end
+
context "with a serial console on the kernel command line on non-s390" do
before do
allow(Yast::Arch).to receive(:architecture).and_return("x86_64")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.3.9/test/grub_install_test.rb
new/yast2-bootloader-4.3.12/test/grub_install_test.rb
--- old/yast2-bootloader-4.3.9/test/grub_install_test.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/test/grub_install_test.rb 2020-10-16
15:46:31.000000000 +0200
@@ -23,9 +23,10 @@
allow(Dir).to receive(:glob).and_return(efivardirs)
end
- def expect_grub2_install(target, device: nil, removable: false)
+ def expect_grub2_install(target, device: nil, removable: false, no_nvram:
false)
params = [/grub2-install/, "--target=#{target}", "--force",
"--skip-fs-probe"]
- params << "--no-nvram" << "--removable" if removable
+ params << "--removable" if removable
+ params << "--no-nvram" if no_nvram
params << device if device
if device
@@ -58,7 +59,7 @@
stub_efivars(removable: true)
expect(Yast::Execute).to receive(:on_target)
- .with([/grub2-install/, anything, "--suse-force-signed", anything,
anything, anything, anything])
+ .with([/grub2-install/, anything, "--suse-force-signed", anything,
anything, anything])
subject.execute(secure_boot: true)
end
@@ -124,9 +125,19 @@
subject.execute
end
+ it "grub2 install asked to not update nvram" do
+ stub_arch("aarch64")
+ stub_efivars
+ expect_grub2_install("arm64-efi", no_nvram: true, removable: true)
+ # second run of grub2-install
+ expect_grub2_install("arm64-efi", no_nvram: true, removable: false)
+
+ subject.execute(update_nvram: false)
+ end
+
it "passes suse-enable-tpm option when trusted boot is requested" do
stub_arch("x86_64")
- stub_efivars
+ stub_efivars(removable: false)
expect(Yast::Execute).to receive(:on_target) do |arg|
expect(arg).to include("--suse-enable-tpm")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.3.9/test/sysconfig_test.rb
new/yast2-bootloader-4.3.12/test/sysconfig_test.rb
--- old/yast2-bootloader-4.3.9/test/sysconfig_test.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/test/sysconfig_test.rb 2020-10-16
15:46:31.000000000 +0200
@@ -18,10 +18,23 @@
allow(Yast::SCR).to receive(:Read).with(
Yast::Path.new(".sysconfig.bootloader.SECURE_BOOT")
).and_return("no")
+ allow(Yast::SCR).to receive(:Read).with(
+ Yast::Path.new(".sysconfig.bootloader.UPDATE_NVRAM")
+ ).and_return("yes")
sysconfig = Bootloader::Sysconfig.from_system
expect(sysconfig.bootloader).to eq "grub2"
expect(sysconfig.secure_boot).to be false
+ expect(sysconfig.update_nvram).to be true
+ end
+
+ it "defaults update_nvram to true if not set" do
+ allow(Yast::SCR).to receive(:Read).with(
+ Yast::Path.new(".sysconfig.bootloader.UPDATE_NVRAM")
+ ).and_return(nil)
+
+ sysconfig = Bootloader::Sysconfig.from_system
+ expect(sysconfig.update_nvram).to be true
end
context "x86_64" do
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/yast2-bootloader-4.3.9/test/systeminfo_test.rb
new/yast2-bootloader-4.3.12/test/systeminfo_test.rb
--- old/yast2-bootloader-4.3.9/test/systeminfo_test.rb 2020-09-14
08:39:11.000000000 +0200
+++ new/yast2-bootloader-4.3.12/test/systeminfo_test.rb 2020-10-16
15:46:31.000000000 +0200
@@ -360,4 +360,26 @@
end
end
end
+
+ describe ".nvram_available?" do
+ context "if arch is ppc" do
+ let(:arch) { "ppc" }
+
+ it "returns true" do
+ expect(described_class.nvram_available?).to be true
+ end
+ end
+ context "if arch is ppc64" do
+ let(:arch) { "ppc64" }
+
+ it "returns true" do
+ expect(described_class.nvram_available?).to be true
+ end
+ end
+ context "if bootloader is grub2-efi" do
+ it "returns true" do
+ expect(described_class.nvram_available?("grub2-efi")).to be true
+ end
+ end
+ end
end
