Skip to content

Commit

Permalink
systemd-boot: Allow key enroll in AuditMode
Browse files Browse the repository at this point in the history 
Since AuditMode automatically switches SetupMode on, it should be
authorized to enroll SecureBoot keys.

Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
  • Loading branch information
@nbouchinet-anssi @poettering
nbouchinet-anssi authored and poettering committed May 6, 2024
1 parent e4cea96 commit a23a59b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/boot/efi/boot.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2480,7 +2480,7 @@ static EFI_STATUS secure_boot_discover_keys(Config *config, EFI_FILE *root_dir)
EFI_STATUS err;
_cleanup_(file_closep) EFI_FILE *keys_basedir = NULL;

if (secure_boot_mode() != SECURE_BOOT_SETUP)
if (!IN_SET(secure_boot_mode(), SECURE_BOOT_SETUP, SECURE_BOOT_AUDIT))
return EFI_SUCCESS;

/* the lack of a 'keys' directory is not fatal and is silently ignored */
Expand Down

0 comments on commit a23a59b

Please sign in to comment.