From 069a2af410187fada1e48fd66eda329a9379c686 Mon Sep 17 00:00:00 2001 From: Steffen Winterfeldt Date: Fri, 21 Feb 2020 16:27:32 +0100 Subject: [PATCH] adjust functions and update unit tests --- src/lib/bootloader/grub2.rb | 4 ++-- src/lib/bootloader/grub2_widgets.rb | 4 ++-- src/lib/bootloader/grub_install.rb | 6 ++++-- src/lib/bootloader/systeminfo.rb | 23 +++++++++-------------- test/grub2_test.rb | 2 +- test/grub_install_test.rb | 1 + 6 files changed, 19 insertions(+), 21 deletions(-) diff --git a/src/lib/bootloader/grub2.rb b/src/lib/bootloader/grub2.rb index 341fb145a..8fda5d376 100644 --- a/src/lib/bootloader/grub2.rb +++ b/src/lib/bootloader/grub2.rb @@ -113,8 +113,8 @@ def summary(simple_mode: false) ) ] - result.push secure_boot_summary if Systeminfo.secure_boot_available? - result.push trusted_boot_summary if Systeminfo.trusted_boot_available? + result.push secure_boot_summary if Systeminfo.secure_boot_available?(name) + result.push trusted_boot_summary if Systeminfo.trusted_boot_available?(name) locations_val = locations if !locations_val.empty? diff --git a/src/lib/bootloader/grub2_widgets.rb b/src/lib/bootloader/grub2_widgets.rb index b73b94de6..70ed2ab24 100644 --- a/src/lib/bootloader/grub2_widgets.rb +++ b/src/lib/bootloader/grub2_widgets.rb @@ -980,11 +980,11 @@ def generic_mbr_widget? end def secure_boot_widget? - Systeminfo.secure_boot_available? + Systeminfo.secure_boot_available?(grub2.name) end def trusted_boot_widget? - Systeminfo.trusted_boot_available? + Systeminfo.trusted_boot_available?(grub2.name) end def pmbr_widget? diff --git a/src/lib/bootloader/grub_install.rb b/src/lib/bootloader/grub_install.rb index 9b5b3d4a0..c0bf7d3d3 100644 --- a/src/lib/bootloader/grub_install.rb +++ b/src/lib/bootloader/grub_install.rb @@ -15,6 +15,8 @@ class GrubInstall def initialize(efi: false) @efi = efi + @grub2_name = "grub2" + @grub2_name += "-efi" if @efi textdomain "bootloader" end @@ -26,7 +28,7 @@ def initialize(efi: false) # @param trusted_boot [Boolean] if trusted boot variant should be used # @return [Array] list of devices for which install failed def execute(devices: [], secure_boot: false, trusted_boot: false) - if secure_boot && !Systeminfo.secure_boot_available? + if secure_boot && !Systeminfo.secure_boot_available?(@grub2_name) raise "cannot enable secure boot on this machine" end @@ -74,7 +76,7 @@ def report_failure(exception) # creates basic command for grub2 install without specifying any stage1 # locations def basic_cmd(secure_boot, trusted_boot) - if Systeminfo.shim_needed? + if Systeminfo.shim_needed?(@grub2_name, secure_boot) cmd = ["/usr/sbin/shim-install", "--config-file=/boot/grub2/grub.cfg"] else cmd = ["/usr/sbin/grub2-install", "--target=#{target}"] diff --git a/src/lib/bootloader/systeminfo.rb b/src/lib/bootloader/systeminfo.rb index 2909b75bf..a06d7292e 100644 --- a/src/lib/bootloader/systeminfo.rb +++ b/src/lib/bootloader/systeminfo.rb @@ -16,36 +16,31 @@ def secure_boot_active? efi_supported? || s390_secure_boot_active? end - # true if boot config uses secure boot - def secure_boot_used? - ::Bootloader::BootloaderFactory.current.secure_boot - end - # true if secure boot is (in principle) supported def secure_boot_supported? efi_supported? || s390_secure_boot_supported? end # true if secure boot setting is available for current boot config - def secure_boot_available? - efi_used? || s390_secure_boot_supported? + def secure_boot_available?(bootloader_name) + efi_used?(bootloader_name) || s390_secure_boot_supported? end # true if trusted boot setting is available for current boot config - def trusted_boot_available? + def trusted_boot_available?(bootloader_name) # for details about grub2 efi trusted boot support see FATE#315831 ( - ::Bootloader::BootloaderFactory.current.name == "grub2" && + bootloader_name == "grub2" && (Yast::Arch.x86_64 || Yast::Arch.i386) ) || ( - ::Bootloader::BootloaderFactory.current.name == "grub2-efi" && + bootloader_name == "grub2-efi" && File.exist?("/dev/tpm0") ) end # true if UEFI will be used for booting - def efi_used? - ::Bootloader::BootloaderFactory.current.name == "grub2-efi" + def efi_used?(bootloader_name) + bootloader_name == "grub2-efi" end # true if system can (in principle) boot via UEFI @@ -54,8 +49,8 @@ def efi_supported? end # true if shim has to be used - def shim_needed? - (Yast::Arch.x86_64 || Yast::Arch.i386) && secure_boot_used? && efi_used? + def shim_needed?(bootloader_name, secure_boot) + (Yast::Arch.x86_64 || Yast::Arch.i386) && secure_boot && efi_used?(bootloader_name) end # true if s390 machine has secure boot support diff --git a/test/grub2_test.rb b/test/grub2_test.rb index e6edec443..4b19869b0 100644 --- a/test/grub2_test.rb +++ b/test/grub2_test.rb @@ -81,7 +81,7 @@ grub2_install = double(Bootloader::GrubInstall) expect(grub2_install).to receive(:execute) - .with(devices: ["/dev/sda", "/dev/sdb1"], trusted_boot: false).and_return([]) + .with(devices: ["/dev/sda", "/dev/sdb1"], secure_boot: nil, trusted_boot: false).and_return([]) expect(Bootloader::GrubInstall).to receive(:new).with(efi: false).and_return(grub2_install) subject.trusted_boot = false diff --git a/test/grub_install_test.rb b/test/grub_install_test.rb index 69e159653..149c8bebd 100755 --- a/test/grub_install_test.rb +++ b/test/grub_install_test.rb @@ -132,6 +132,7 @@ def expect_grub2_install(target, device: nil, removable: false) subject { Bootloader::GrubInstall.new(efi: false) } it "raise exception if secure_boot: true passed" do + stub_arch("x86_64") expect { subject.execute(secure_boot: true) }.to raise_error(RuntimeError) end