From 72089d78ba9e0c0d4c4b83c8f447adbfb32809ed Mon Sep 17 00:00:00 2001 From: Jan Janssen Date: Mon, 16 Jan 2023 16:22:17 +0100 Subject: [PATCH] boot: Skip soft-brick warning when in a VM This part of the warning is annoying to look at not really true when running inside of a VM. (cherry picked from commit 3e87a057a796b57bf9540b948823fbefef6693d7) Related: RHEL-16952 --- src/boot/efi/secure-boot.c | 56 ++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c index 55c9ba5d4c..3f3a222b5e 100644 --- a/src/boot/efi/secure-boot.c +++ b/src/boot/efi/secure-boot.c @@ -44,34 +44,36 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path) { clear_screen(COLOR_NORMAL); - Print(L"Enrolling secure boot keys from directory: %s\n" - L"Warning: Enrolling custom Secure Boot keys might soft-brick your machine!\n", - path); - - unsigned timeout_sec = 15; - for(;;) { - /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing - * we can brick there. */ - if (in_hypervisor()) - break; - - PrintAt(0, ST->ConOut->Mode->CursorRow, L"Enrolling in %2u s, press any key to abort.", timeout_sec); - - uint64_t key; - err = console_key_read(&key, 1000 * 1000); - if (err == EFI_NOT_READY) - continue; - if (err == EFI_TIMEOUT) { - if (timeout_sec == 0) /* continue enrolling keys */ - break; - timeout_sec--; - continue; + Print(u"Enrolling secure boot keys from directory: %s\n"); + + /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing + * we can brick there. */ + if (!in_hypervisor()) { + Print(u"Warning: Enrolling custom Secure Boot keys might soft-brick your machine!\n", path); + + unsigned timeout_sec = 15; + for (;;) { + Print(u"\rEnrolling in %2u s, press any key to abort.", timeout_sec); + + uint64_t key; + err = console_key_read(&key, 1000 * 1000); + if (err == EFI_NOT_READY) + continue; + if (err == EFI_TIMEOUT) { + if (timeout_sec == 0) /* continue enrolling keys */ + break; + timeout_sec--; + continue; + } + if (err != EFI_SUCCESS) + return log_error_status_stall( + err, + L"Error waiting for user input to enroll Secure Boot keys: %r", + err); + + /* user aborted, returning EFI_SUCCESS here allows the user to go back to the menu */ + return EFI_SUCCESS; } - if (err != EFI_SUCCESS) - return log_error_status_stall(err, L"Error waiting for user input to enroll Secure Boot keys: %r", err); - - /* user aborted, returning EFI_SUCCESS here allows the user to go back to the menu */ - return EFI_SUCCESS; } _cleanup_(file_closep) EFI_FILE *dir = NULL;