systemd-boot: Allow key enroll in AuditMode

Since AuditMode automatically switches SetupMode on, it should be authorized to enroll SecureBoot keys. Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr> (cherry picked from commit a23a59b) (cherry picked from commit 04f6566)
bluca · May 9, 2024 · eecb0ea · eecb0ea
1 parent 80643bc
commit eecb0ea
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
@@ -2488,7 +2488,7 @@ static EFI_STATUS secure_boot_discover_keys(Config *config, EFI_FILE *root_dir)
         EFI_STATUS err;
         _cleanup_(file_closep) EFI_FILE *keys_basedir = NULL;
 
-        if (secure_boot_mode() != SECURE_BOOT_SETUP)
+        if (!IN_SET(secure_boot_mode(), SECURE_BOOT_SETUP, SECURE_BOOT_AUDIT))
                 return EFI_SUCCESS;
 
         /* the lack of a 'keys' directory is not fatal and is silently ignored */