From 72089d78ba9e0c0d4c4b83c8f447adbfb32809ed Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Mon, 16 Jan 2023 16:22:17 +0100
Subject: [PATCH] boot: Skip soft-brick warning when in a VM

This part of the warning is annoying to look at not really true when
running inside of a VM.

(cherry picked from commit 3e87a057a796b57bf9540b948823fbefef6693d7)

Related: RHEL-16952
---
 src/boot/efi/secure-boot.c | 56 ++++++++++++++++++++------------------
 1 file changed, 29 insertions(+), 27 deletions(-)

diff --git a/src/boot/efi/secure-boot.c b/src/boot/efi/secure-boot.c
index 55c9ba5d4c..3f3a222b5e 100644
--- a/src/boot/efi/secure-boot.c
+++ b/src/boot/efi/secure-boot.c
@@ -44,34 +44,36 @@ EFI_STATUS secure_boot_enroll_at(EFI_FILE *root_dir, const char16_t *path) {
 
         clear_screen(COLOR_NORMAL);
 
-        Print(L"Enrolling secure boot keys from directory: %s\n"
-              L"Warning: Enrolling custom Secure Boot keys might soft-brick your machine!\n",
-              path);
-
-        unsigned timeout_sec = 15;
-        for(;;) {
-                /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing
-                 * we can brick there. */
-                if (in_hypervisor())
-                        break;
-
-                PrintAt(0, ST->ConOut->Mode->CursorRow, L"Enrolling in %2u s, press any key to abort.", timeout_sec);
-
-                uint64_t key;
-                err = console_key_read(&key, 1000 * 1000);
-                if (err == EFI_NOT_READY)
-                        continue;
-                if (err == EFI_TIMEOUT) {
-                        if (timeout_sec == 0) /* continue enrolling keys */
-                                break;
-                        timeout_sec--;
-                        continue;
+        Print(u"Enrolling secure boot keys from directory: %s\n");
+
+        /* Enrolling secure boot keys is safe to do in virtualized environments as there is nothing
+         * we can brick there. */
+        if (!in_hypervisor()) {
+                Print(u"Warning: Enrolling custom Secure Boot keys might soft-brick your machine!\n", path);
+
+                unsigned timeout_sec = 15;
+                for (;;) {
+                        Print(u"\rEnrolling in %2u s, press any key to abort.", timeout_sec);
+
+                        uint64_t key;
+                        err = console_key_read(&key, 1000 * 1000);
+                        if (err == EFI_NOT_READY)
+                                continue;
+                        if (err == EFI_TIMEOUT) {
+                                if (timeout_sec == 0) /* continue enrolling keys */
+                                        break;
+                                timeout_sec--;
+                                continue;
+                        }
+                        if (err != EFI_SUCCESS)
+                                return log_error_status_stall(
+                                                err,
+                                                L"Error waiting for user input to enroll Secure Boot keys: %r",
+                                                err);
+
+                        /* user aborted, returning EFI_SUCCESS here allows the user to go back to the menu */
+                        return EFI_SUCCESS;
                 }
-                if (err != EFI_SUCCESS)
-                        return log_error_status_stall(err, L"Error waiting for user input to enroll Secure Boot keys: %r", err);
-
-                /* user aborted, returning EFI_SUCCESS here allows the user to go back to the menu */
-                return EFI_SUCCESS;
         }
 
         _cleanup_(file_closep) EFI_FILE *dir = NULL;