From df9d9986ab6965b653abd8d5d06dbfc3beb285e9 Mon Sep 17 00:00:00 2001
From: Alexandru Costache <alexandru@balena.io>
Date: Fri, 2 Feb 2024 11:33:58 +0000
Subject: [PATCH] balena-rollback/rollback-health: Allow old OS hooks to access
 efivars

This fixes rollback-health failures for boards like the Jetson Seeeed
J4012, which updates efivars for capsule updates from container hooks
and not from the current OS hooks.

While the actual HUP works because of /sys being bindmounted by
hostapp-update, rollbacks will fail to run the old OS hooks unless
efivarfs is mounted.

Change-type: patch
Signed-off-by: Alexandru Costache <alexandru@balena.io>
---
 .../recipes-core/balena-rollback/files/rollback-health       | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta-balena-common/recipes-core/balena-rollback/files/rollback-health b/meta-balena-common/recipes-core/balena-rollback/files/rollback-health
index 874753647f..096e647f77 100644
--- a/meta-balena-common/recipes-core/balena-rollback/files/rollback-health
+++ b/meta-balena-common/recipes-core/balena-rollback/files/rollback-health
@@ -42,6 +42,11 @@ run_hooks_from_inactive () {
 	mount --bind /mnt/sysroot/inactive/ "${old_rootfs}/mnt/sysroot/inactive/"
 	mount -t sysfs sysfs "${old_rootfs}/sys/"
 
+	# Allow old OS hooks to access efivars
+	if [ -d /sys/firmware/efi/efivars ]; then
+		mount -t efivarfs efivarfs "${old_rootfs}/sys/firmware/efi/efivars" || true
+	fi
+
 	# In case of secure boot the boot and EFI partitions are split apart
 	# The EFI partition must be bind-mounted as well to be able to deploy
 	# files under /mnt/boot/EFI