|
 |
8a9297c |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
8a9297c |
From: Marta Lewandowska <mlewando@redhat.com>
|
|
|
8a9297c |
Date: Fri, 13 Oct 2023 09:13:41 +0200
|
|
|
8a9297c |
Subject: [PATCH] grub-install on EFI if forced
|
|
|
8a9297c |
|
|
|
8a9297c |
UEFI Secure Boot requires signed grub binaries to work, so grub-
|
|
|
8a9297c |
install should not be used. However, users who have Secure Boot
|
|
|
8a9297c |
disabled and wish to use the command should not be prevented from
|
|
|
8a9297c |
doing so if they invoke --force.
|
|
|
8a9297c |
|
|
|
8a9297c |
fixes bz#1917213 / bz#2240994
|
|
|
8a9297c |
|
|
|
8a9297c |
Signed-off-by: Marta Lewandowska <mlewando@redhat.com>
|
|
|
8a9297c |
---
|
|
|
8a9297c |
util/grub-install.c | 42 ++++++++++++++++++++++++++----------------
|
|
|
8a9297c |
1 file changed, 26 insertions(+), 16 deletions(-)
|
|
|
8a9297c |
|
|
|
8a9297c |
diff --git a/util/grub-install.c b/util/grub-install.c
|
|
|
8a9297c |
index 5babc7af5518..162162bec6e2 100644
|
|
|
8a9297c |
--- a/util/grub-install.c
|
|
|
8a9297c |
+++ b/util/grub-install.c
|
|
|
8a9297c |
@@ -899,22 +899,6 @@ main (int argc, char *argv[])
|
|
|
8a9297c |
|
|
|
8a9297c |
platform = grub_install_get_target (grub_install_source_directory);
|
|
|
8a9297c |
|
|
|
8a9297c |
- switch (platform)
|
|
|
8a9297c |
- {
|
|
|
8a9297c |
- case GRUB_INSTALL_PLATFORM_ARM_EFI:
|
|
|
8a9297c |
- case GRUB_INSTALL_PLATFORM_ARM64_EFI:
|
|
|
8a9297c |
- case GRUB_INSTALL_PLATFORM_I386_EFI:
|
|
|
8a9297c |
- case GRUB_INSTALL_PLATFORM_IA64_EFI:
|
|
|
8a9297c |
- case GRUB_INSTALL_PLATFORM_X86_64_EFI:
|
|
|
8a9297c |
- is_efi = 1;
|
|
|
8a9297c |
- grub_util_error (_("this utility cannot be used for EFI platforms"
|
|
|
8a9297c |
- " because it does not support UEFI Secure Boot"));
|
|
|
8a9297c |
- break;
|
|
|
8a9297c |
- default:
|
|
|
8a9297c |
- is_efi = 0;
|
|
|
8a9297c |
- break;
|
|
|
8a9297c |
- }
|
|
|
8a9297c |
-
|
|
|
8a9297c |
{
|
|
|
8a9297c |
char *platname = grub_install_get_platform_name (platform);
|
|
|
8a9297c |
fprintf (stderr, _("Installing for %s platform.\n"), platname);
|
|
|
8a9297c |
@@ -1027,6 +1011,32 @@ main (int argc, char *argv[])
|
|
|
8a9297c |
grub_hostfs_init ();
|
|
|
8a9297c |
grub_host_init ();
|
|
|
8a9297c |
|
|
|
8a9297c |
+ switch (platform)
|
|
|
8a9297c |
+ {
|
|
|
8a9297c |
+ case GRUB_INSTALL_PLATFORM_I386_EFI:
|
|
|
8a9297c |
+ case GRUB_INSTALL_PLATFORM_X86_64_EFI:
|
|
|
8a9297c |
+ case GRUB_INSTALL_PLATFORM_ARM_EFI:
|
|
|
8a9297c |
+ case GRUB_INSTALL_PLATFORM_ARM64_EFI:
|
|
|
8a9297c |
+ case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
|
|
|
8a9297c |
+ case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
|
|
|
8a9297c |
+ case GRUB_INSTALL_PLATFORM_IA64_EFI:
|
|
|
8a9297c |
+ is_efi = 1;
|
|
|
8a9297c |
+ if (!force)
|
|
|
8a9297c |
+ grub_util_error (_("This utility should not be used for EFI platforms"
|
|
|
8a9297c |
+ " because it does not support UEFI Secure Boot."
|
|
|
8a9297c |
+ " If you really wish to proceed, invoke the --force"
|
|
|
8a9297c |
+ " option.\nMake sure Secure Boot is disabled before"
|
|
|
8a9297c |
+ " proceeding"));
|
|
|
8a9297c |
+ break;
|
|
|
8a9297c |
+ default:
|
|
|
8a9297c |
+ is_efi = 0;
|
|
|
8a9297c |
+ break;
|
|
|
8a9297c |
+
|
|
|
8a9297c |
+ /* pacify warning. */
|
|
|
8a9297c |
+ case GRUB_INSTALL_PLATFORM_MAX:
|
|
|
8a9297c |
+ break;
|
|
|
8a9297c |
+ }
|
|
|
8a9297c |
+
|
|
|
8a9297c |
/* Find the EFI System Partition. */
|
|
|
8a9297c |
if (is_efi)
|
|
|
8a9297c |
{
|