Merge pull request #1155 from tlaurion/oem_factory_reset-only_if_no_tpm_disk_unlock_key

oem-factory-reset: Only set default boot option if no TPM Disk Unlock Key
tlaurion 2022-04-15 10:24:41 -04:00 committed by GitHub
commit fb5cfd5cc2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -156,6 +156,11 @@ generate_checksums()
mount -o remount,rw /boot || whiptail_error_die "Unable to mount /boot"
fi
#Check if previous TPM Disk unlock Key was set
if [ -e /boot/kexec_key_devices.txt ]; then
TPM_DISK_ENCRYPTION_KEY_SET=1
fi
# clear any existing checksums/signatures
rm /boot/kexec* 2>/dev/null
@ -181,8 +186,10 @@ generate_checksums()
echo "0" > /boot/kexec_hotp_counter
fi
# set default boot option
# set default boot option only if no TPM Disk Unlock Key previously set
if [ -z "$TPM_DISK_ENCRYPTION_KEY_SET" ]; then
set_default_boot_option
fi
# generate hashes
find /boot -type f ! -name '*kexec*' -print0 \
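Review bot: TPM_DISK_ENCRYPTION_KEY_SET is only ever assigned inside the new `if [ -e /boot/kexec_key_devices.txt ]` test in the first hunk and is never cleared in the visible lines, so a value inherited from the environment or left over from an earlier call would make the `[ -z "$TPM_DISK_ENCRYPTION_KEY_SET" ]` guard in the second hunk skip set_default_boot_option even when no key file exists. Unless it is initialised elsewhere in the script (generate_checksums starts and ends outside both hunks), reset it just before the test with `TPM_DISK_ENCRYPTION_KEY_SET=`. The marker file is also deleted by the following `rm /boot/kexec*` and the skip itself is silent, so after the reset nothing on screen or on /boot records why no default boot option was written. An `else` branch that prints a short message saying the default boot option was left unset because a TPM Disk Unlock Key had been configured would make that state visible to the operator.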