

support uefi secureboot
support uefi secureboot
WenhuaChang committed Feb 21, 2013
1 parent 72a48a2 commit 9b41db2
Showing 7 changed files with 139 additions and 7 deletions.
54 changes: 54 additions & 0 deletions src/grub2/dialogs.ycp
Expand Up @@ -84,6 +84,44 @@ symbol Grub2LoaderDetailsDialog ()

include "bootloader/grub/options.ycp";

void InitSecureBootWidget(string widget) {
boolean sb = BootCommon::getSystemSecureBootStatus(false);
UI::ChangeWidget (`id ("secure_boot"), `Value, sb);
}
symbol HandleSecureBootWidget (string widget, map event) {
return nil;
}
void StoreSecureBootWidget (string widget, map event) {
boolean sb = (boolean)UI::QueryWidget(`id("secure_boot"), `Value);
BootCommon::setSystemSecureBootStatus (sb);
}
string HelpSecureBootWidget() {
string ret = "Tick to enable UEFI Secure Boot\n";
return ret;
}

map<string,any> grub2SecureBootWidget ()
{
term contents = `VBox (
`Frame (_("Secure Boot"),
`VBox (`HBox(`HSpacing(1),`VBox(
`Left(`CheckBox( `id("secure_boot"), _("Enable &Secure Boot Support"))),
`VStretch()
)))
),
`VStretch()
);

return $[
"widget" : `custom,
"custom_widget" : contents,
"init" : InitSecureBootWidget,
"handle" : HandleSecureBootWidget,
"store" : StoreSecureBootWidget,
"help" : HelpSecureBootWidget(),
];
}

/**
* Run dialog to adjust installation on i386 and AMD64
* @return symbol for wizard sequencer
Expand All @@ -110,6 +148,7 @@ symbol Grub2InstallDetailsDialog () {
* Cache for genericWidgets function
*/
map<string,map<string,any> > _grub2_widgets = nil;
map<string,map<string,any> > _grub2_efi_widgets = nil;

/**
* Get generic widgets
Expand All @@ -125,5 +164,20 @@ global map<string,map<string,any> > grub2Widgets () {
return _grub2_widgets;
}

global map<string,map<string,any> > grub2efiWidgets () {

if (Arch::x86_64 ())
{
if (_grub2_efi_widgets == nil)
{
_grub2_efi_widgets = $[
"loader_location" : grub2SecureBootWidget ()
];
}
}

return _grub2_efi_widgets;
}

} //EOF
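Review bot: `grub2efiWidgets ()` returns `nil` on any architecture other than x86_64, because `_grub2_efi_widgets` is only assigned inside the `Arch::x86_64 ()` branch. The `"widgets"` entry it appears to replace in BootGRUB2EFI's `GetFunctions` was the empty map `$[]`, so callers that walk the result may not expect nil. Returning an empty map in that case keeps the contract, e.g. `return (_grub2_efi_widgets == nil) ? $[] : _grub2_efi_widgets;`. Separately, `HelpSecureBootWidget` returns an untranslated literal while the frame and checkbox labels go through `_()`; `string ret = _("Tick to enable UEFI Secure Boot\n");` would match them.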

47 changes: 47 additions & 0 deletions src/modules/BootCommon.ycp
Expand Up @@ -190,6 +190,7 @@ global map<string,string> edited_files = $[];
* shall be one of "lilo", "grub", "elilo", "ppc", "zipl", "grub2", "grub2-efi"
*/
string loader_type = nil;
boolean secure_boot = nil;

// sysconfig variables

Expand Down Expand Up @@ -303,6 +304,7 @@ global boolean enable_selinux = false;


global define string getLoaderType (boolean recheck);
global define boolean getSystemSecureBootStatus (boolean recheck);
global define list<string> getBootloaders ();
global define list<string> Summary ();
global map<string,any> CreateLinuxSection (string title);
Expand Down Expand Up @@ -857,6 +859,8 @@ global boolean Save (boolean clean, boolean init, boolean flush) {
// add check if there is memtest and delete from memtest section
// keys like append, initrd etc...
checkMemtest ();
y2milestone ("SetSecureBoot %1", secure_boot);
ret = ret && SetSecureBoot (secure_boot);
ret = ret && DefineMultipath(BootStorage::multipath_mapping);
ret = ret && SetDeviceMap (my_device_mapping);
ret = ret && SetSections (sections);
Expand Down Expand Up @@ -1139,6 +1143,49 @@ global define void setLoaderType (string bootloader) {
y2milestone ("Loader type set");
}

global define boolean getSystemSecureBootStatus (boolean recheck) {

if ((! recheck) && (secure_boot != nil))
return secure_boot;

if (Mode::update () || Mode::normal () || Mode::repair ())
{
string sb = (string) SCR::Read (.sysconfig.bootloader.SECURE_BOOT);

if (sb != nil && sb != "")
{
secure_boot = (sb == "yes") ? true : false;
return secure_boot;
}
}

// TODO : Detect Secure Boot
secure_boot = false;
return secure_boot;
}

global define void setSystemSecureBootStatus (boolean enable) {

/*
if (enable && enable != secure_boot)
{
// don't configure package manager during autoinstallation preparing
if (Mode::normal () && (! (Mode::config () || Mode::repair ())))
{
y2milestone ("Install shim");
PackageSystem::InstallAll (["shim"]);
}
else if (Stage::initial () )
{
y2milestone ("AddResolvables shim");
PackagesProposal::AddResolvables ("yast2-bootloader", `package, ["shim"]);
}
}
*/
y2milestone ("Set secure boot: %2 => %1", enable, secure_boot);
secure_boot = enable;
}

/**
* List bootloaders available for configured architecture
* @return a list of bootloaders
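Review bot: In the `Save` hunk, `SetSecureBoot (secure_boot)` passes the module variable directly; it is declared as `nil` and stays nil unless `getSystemSecureBootStatus` or `setSystemSecureBootStatus` ran first. As far as the hunk shows, the call is also made for every loader type, so a library failure would set `ret` to false for non-EFI bootloaders too. Reading the value through the getter and guarding on the loader avoids both: `if (getLoaderType (false) == "grub2-efi") ret = ret && SetSecureBoot (getSystemSecureBootStatus (false));`. In `getSystemSecureBootStatus`, the fallback `secure_boot = false` under `// TODO : Detect Secure Boot` means a fresh installation proposes Secure Boot support as off whatever the firmware state is, since nothing visible queries it; the comment should say so, e.g. `// Firmware state is not queried yet; defaults to off until detection is implemented`. `Save` begins and ends outside the hunk.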
8 changes: 3 additions & 5 deletions src/modules/BootGRUB2EFI.ycp
Expand Up @@ -177,8 +177,8 @@ global define void Propose () {
global define list<string> Summary () {
list<string> result = [ sformat (_("Boot Loader Type: %1"),
BootCommon::getLoaderName (BootCommon::getLoaderType (false), `summary)) ];
list<string> locations = [];

result = add (result, sformat (_("Enable Secure Boot: %1"), BootCommon::getSystemSecureBootStatus (false)));
return result;
}

Expand All @@ -200,10 +200,8 @@ global map<string, any> GetFunctions () {
"propose" : Propose,
"summary" : Summary,
"update" : Update,
#TODO grub2widgets
#"widgets" : grub2Widgets,
"widgets" : grub2efiWidgets,
"dialogs" : Dialogs,
"widgets" : $[],
"write" : Write,
];
}
Expand All @@ -228,7 +226,7 @@ global define void Initializer () {
*/
global define void BootGRUB2EFI () {
BootCommon::bootloader_attribs["grub2-efi"] = $[
"required_packages" : ["grub2-efi"],
"required_packages" : ["grub2-efi", "shim"],
"loader_name" : "GRUB2-EFI",
"initializer" : BootGRUB2EFI::Initializer,
];
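Review bot: The new line in `Summary` formats the raw boolean from `getSystemSecureBootStatus (false)` into a translated string, so the proposal will presumably display an untranslated `true`/`false`. Mapping it to translatable text reads better: `sformat (_("Enable Secure Boot: %1"), BootCommon::getSystemSecureBootStatus (false) ? _("yes") : _("no"))`. In `BootGRUB2EFI ()`, `shim` becomes a required package regardless of the Secure Boot setting, while the conditional install in `setSystemSecureBootStatus` is commented out. A one-line comment next to `"required_packages"` stating that the unconditional dependency is intentional would save the next reader from reconciling the two.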
10 changes: 10 additions & 0 deletions src/modules/Bootloader_API.pm
Expand Up @@ -62,6 +62,16 @@ sub setLoaderType($) {
return $ret;
}

BEGIN { $TYPEINFO{setSecureBoot} = ["function", "boolean", "boolean"]; }
# do library initialization for a specific bootloader type
sub setSecureBoot($) {
my ($sb) = @_;
my $ret = $lib_ref->SetSecureBoot($sb);

DumpLog();
return $ret;
}

BEGIN { $TYPEINFO{defineUdevMapping} = ["function", "integer", ["map", "string", "string"]]; }
# do library initialization for a specific bootloader type
sub defineUdevMapping($) {
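Review bot: The comment above `setSecureBoot` is copied from the neighbouring subs and describes library initialization, which is not what this wrapper does. Suggested replacement: `# pass the Secure Boot on/off setting to the bootloader library and return its result`. The sub dereferences `$lib_ref`, whose setup is not visible in this hunk; if it is only assigned by an earlier call such as `setLoaderType`, the comment should state that ordering requirement.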
4 changes: 2 additions & 2 deletions src/routines/global_widgets.ycp
Expand Up @@ -730,7 +730,7 @@ map TabsDescr () {
`VSpacing (0.4)
)),
`VStretch (),
(lt == "none" || lt == "default" || lt == "zipl" || lt == "lilo" || lt == "grub2-efi")
(lt == "none" || lt == "default" || lt == "zipl" || lt == "lilo")
? `Empty ()
: "loader_location",
`VStretch (),
Expand All @@ -739,7 +739,7 @@ map TabsDescr () {
: "inst_details",
`VStretch ()
), `HStretch ()),
"widget_names": (lt == "none" || lt == "default" || lt=="zipl" || lt == "grub2-efi")
"widget_names": (lt == "none" || lt == "default" || lt=="zipl")
? [ "loader_type", "loader_options" ]
: [ "loader_type", "loader_options", "loader_location",
"inst_details"]
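Review bot: With `grub2-efi` dropped from both conditions, that loader now takes the branch whose `widget_names` list contains `inst_details` as well as `loader_location`, but `grub2efiWidgets ()` in src/grub2/dialogs.ycp defines only `loader_location`. Whether a generic `inst_details` definition applies to grub2-efi cannot be seen from these hunks. If none does, a dedicated case ahead of the existing else-list is safer, e.g. `(lt == "grub2-efi") ? [ "loader_type", "loader_options", "loader_location" ] :`. A comment noting that `loader_location` carries the Secure Boot checkbox for grub2-efi would also help, since the key name no longer describes what is shown. `TabsDescr` starts and ends outside both hunks.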
9 changes: 9 additions & 0 deletions src/routines/lib_iface.ycp
Expand Up @@ -284,6 +284,15 @@ global boolean UpdateBootloader () {
return ret;
}

global boolean SetSecureBoot (boolean enable) {
y2milestone ("Set SecureBoot");
boolean ret = System::Bootloader_API::setSecureBoot (enable);
y2milestone ("return value from setSecureBoot: %1", ret);
if (! ret)
bootloaderError ("Error occurred while setting secureboot");
return ret;
}


/**
* Update append in from boot section, it means take value from "console"
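Review bot: `SetSecureBoot` has no doc comment, unlike the `/** … */` block on the function that follows it, and its first log line omits the value being set. A header with `@param enable` for the requested Secure Boot state and `@return boolean true on success` would match the file's style. Changing the log call to `y2milestone ("Set SecureBoot: %1", enable);` would record which state was requested when `bootloaderError` fires.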
14 changes: 14 additions & 0 deletions src/routines/misc.ycp
Expand Up @@ -1598,6 +1598,20 @@ global define void WriteToSysconf(boolean inst_bootloader)

comment="\n## Path:\tSystem/Bootloader
## Description:\tBootloader configuration
## Type:\tyesno
## Default:\t\"no\"
#
# Enable UEFI Secure Boot support
# This setting is only relevant to UEFI which supports UEFI. It won't
# take effect on any other firmware type.
#
#\n";

string sb = BootCommon::getSystemSecureBootStatus(false) ? "yes" : "no" ;
WriteOptionToSysconfig(inst_bootloader, sys_agent, .SECURE_BOOT, sb, comment);

comment="\n## Path:\tSystem/Bootloader
## Description:\tBootloader configuration
## Type:\tstring
## Default:\t\"splash=silent quiet showotps\"
#
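Review bot: The sysconfig comment written for `SECURE_BOOT` says the setting is "only relevant to UEFI which supports UEFI", which is circular and is written verbatim into the user's sysconfig file. The intended wording is presumably `# This setting is only relevant to UEFI firmware which supports Secure Boot. It won't`. `WriteToSysconf` starts and ends outside the hunk.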
