diff options
author | Lennart Poettering <lennart@poettering.net> | 2022-03-22 16:30:34 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2022-03-24 15:18:52 +0100 |
commit | 3e09ad57c6269eac8d34d5b443757dd81490922e (patch) | |
tree | cbfd35a4a385b007684a52bd3198b45dd86409d5 /src/basic/efivars.c | |
parent | d01133125cd74dd9f10504650b60270937549553 (diff) | |
download | systemd-3e09ad57c6269eac8d34d5b443757dd81490922e.tar.gz |
efivars: cache ENOENT as no efi secure boot
On systems lacking EFI or the SecureBoot efi var the caching of this
info didn#t work, since we'd see ENOENT when reading the var, and cache
that, which we then use as reason to retry next time.
Let's fix that and convert ENOENT to "secure boot", because that's what
it really means. All other errors are left as is (and reason to retry).
But let's add some debug logging for that case.
Diffstat (limited to 'src/basic/efivars.c')
-rw-r--r-- | src/basic/efivars.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/basic/efivars.c b/src/basic/efivars.c index 7a9d1bf641..957e73a7bf 100644 --- a/src/basic/efivars.c +++ b/src/basic/efivars.c @@ -310,9 +310,17 @@ static int read_flag(const char *variable) { bool is_efi_secure_boot(void) { static int cache = -1; + int r; - if (cache < 0) - cache = read_flag(EFI_GLOBAL_VARIABLE(SecureBoot)); + if (cache < 0) { + r = read_flag(EFI_GLOBAL_VARIABLE(SecureBoot)); + if (r == -ENOENT) + cache = false; + else if (r < 0) + log_debug_errno(r, "Error reading SecureBoot EFI variable, assuming not in SecureBoot mode: %m"); + else + cache = r; + } return cache > 0; } |