grub2/0246-grub-install-on-EFI-if-forced.patch

81 lines
2.8 KiB
Diff
Raw Normal View History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Marta Lewandowska <mlewando@redhat.com>
Date: Tue, 6 Feb 2024 17:42:47 -0600
Subject: [PATCH] grub-install on EFI if forced
UEFI Secure Boot requires signed grub binaries to work, so grub-
install should not be used. However, users who have Secure Boot
disabled and wish to use the command should not be prevented from
doing so if they invoke --force.
fixes bz#1917213 / bz#2240994
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
---
util/grub-install.c | 38 +++++++++++++++++++-------------------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/util/grub-install.c b/util/grub-install.c
index 828e8722ba5..314b6143b8e 100644
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -915,25 +915,6 @@ main (int argc, char *argv[])
platform = grub_install_get_target (grub_install_source_directory);
- switch (platform)
- {
- case GRUB_INSTALL_PLATFORM_ARM_EFI:
- case GRUB_INSTALL_PLATFORM_ARM64_EFI:
- case GRUB_INSTALL_PLATFORM_I386_EFI:
- case GRUB_INSTALL_PLATFORM_IA64_EFI:
- case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
- case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
- case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
- case GRUB_INSTALL_PLATFORM_X86_64_EFI:
- is_efi = 1;
- grub_util_error (_("this utility cannot be used for EFI platforms"
- " because it does not support UEFI Secure Boot"));
- break;
- default:
- is_efi = 0;
- break;
- }
-
{
char *platname = grub_install_get_platform_name (platform);
fprintf (stderr, _("Installing for %s platform.\n"), platname);
@@ -1050,6 +1031,22 @@ main (int argc, char *argv[])
switch (platform)
{
+ case GRUB_INSTALL_PLATFORM_ARM_EFI:
+ case GRUB_INSTALL_PLATFORM_ARM64_EFI:
+ case GRUB_INSTALL_PLATFORM_I386_EFI:
+ case GRUB_INSTALL_PLATFORM_IA64_EFI:
+ case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
+ case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
+ case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
+ case GRUB_INSTALL_PLATFORM_X86_64_EFI:
+ is_efi = 1;
+ if (!force)
+ grub_util_error (_("This utility should not be used for EFI platforms"
+ " because it does not support UEFI Secure Boot."
+ " If you really wish to proceed, invoke the --force"
+ " option.\nMake sure Secure Boot is disabled before"
+ " proceeding"));
+ break;
case GRUB_INSTALL_PLATFORM_I386_IEEE1275:
case GRUB_INSTALL_PLATFORM_POWERPC_IEEE1275:
#ifdef __linux__
@@ -1058,6 +1055,9 @@ main (int argc, char *argv[])
try_open ("/dev/nvram");
#endif
break;
+ /* pacify warning. */
+ case GRUB_INSTALL_PLATFORM_MAX:
+ break;
default:
break;
}