[PATCH v1 14/15] grub-install: install on EFI if forced

Thu, 31 Oct 2024 12:43:52 -0700 

From: Marta Lewandowska <mlewa...@redhat.com>

UEFI Secure Boot requires signed grub binaries to work, so grub-
install should not be used. However, users who have Secure Boot
disabled and wish to use the command should not be prevented from
doing so if they invoke --force.

fixes bz#1917213 / bz#2240994

Signed-off-by: Marta Lewandowska <mlewa...@redhat.com>
---
 util/grub-install.c | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/util/grub-install.c b/util/grub-install.c
index ee61b042b..b924c2d34 100644
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -910,25 +910,6 @@ main (int argc, char *argv[])
 
   platform = grub_install_get_target (grub_install_source_directory);
 
-  switch (platform)
-    {
-    case GRUB_INSTALL_PLATFORM_ARM_EFI:
-    case GRUB_INSTALL_PLATFORM_ARM64_EFI:
-    case GRUB_INSTALL_PLATFORM_I386_EFI:
-    case GRUB_INSTALL_PLATFORM_IA64_EFI:
-    case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
-    case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
-    case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
-    case GRUB_INSTALL_PLATFORM_X86_64_EFI:
-      is_efi = 1;
-      grub_util_error (_("this utility cannot be used for EFI platforms"
-                         " because it does not support UEFI Secure Boot"));
-      break;
-    default:
-      is_efi = 0;
-      break;
-    }
-
   {
     char *platname = grub_install_get_platform_name (platform);
     fprintf (stderr, _("Installing for %s platform.\n"), platname);
@@ -1045,6 +1026,22 @@ main (int argc, char *argv[])
 
   switch (platform)
     {
+    case GRUB_INSTALL_PLATFORM_ARM_EFI:
+    case GRUB_INSTALL_PLATFORM_ARM64_EFI:
+    case GRUB_INSTALL_PLATFORM_I386_EFI:
+    case GRUB_INSTALL_PLATFORM_IA64_EFI:
+    case GRUB_INSTALL_PLATFORM_LOONGARCH64_EFI:
+    case GRUB_INSTALL_PLATFORM_RISCV32_EFI:
+    case GRUB_INSTALL_PLATFORM_RISCV64_EFI:
+    case GRUB_INSTALL_PLATFORM_X86_64_EFI:
+      is_efi = 1;
+      if (!force)
+        grub_util_error (_("This utility should not be used for EFI platforms"
+                          " because it does not support UEFI Secure Boot."
+                          " If you really wish to proceed, invoke the --force"
+                          " option.\nMake sure Secure Boot is disabled before"
+                          " proceeding"));
+      break;
     case GRUB_INSTALL_PLATFORM_I386_IEEE1275:
     case GRUB_INSTALL_PLATFORM_POWERPC_IEEE1275:
 #ifdef __linux__
@@ -1053,6 +1050,9 @@ main (int argc, char *argv[])
         try_open ("/dev/nvram");
 #endif
       break;
+      /* pacify warning.  */
+    case GRUB_INSTALL_PLATFORM_MAX:
+      break;
     default:
       break;
     }
-- 
2.46.2


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Reply via email to