systemd-boot: Allow key enroll in AuditMode

Since AuditMode automatically switches SetupMode on, it should be authorized to enroll SecureBoot keys. Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr> (cherry picked from commit a23a59b)
bluca · May 8, 2024 · 04f6566 · 04f6566
1 parent 6e778d4
commit 04f6566
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
@@ -2466,7 +2466,7 @@ static EFI_STATUS secure_boot_discover_keys(Config *config, EFI_FILE *root_dir)
         EFI_STATUS err;
         _cleanup_(file_closep) EFI_FILE *keys_basedir = NULL;
 
-        if (secure_boot_mode() != SECURE_BOOT_SETUP)
+        if (!IN_SET(secure_boot_mode(), SECURE_BOOT_SETUP, SECURE_BOOT_AUDIT))
                 return EFI_SUCCESS;
 
         /* the lack of a 'keys' directory is not fatal and is silently ignored */