mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-24 07:06:42 +00:00
Merge pull request #1155 from tlaurion/oem_factory_reset-only_if_no_tpm_disk_unlock_key
oem-factory-reset: Only set default boot option if no TPM Disk Unlock Key
commit
fb5cfd5cc2
@ -156,6 +156,11 @@ generate_checksums()
|
||||
mount -o remount,rw /boot || whiptail_error_die "Unable to mount /boot"
|
||||
fi
|
||||
|
||||
#Check if previous TPM Disk unlock Key was set
|
||||
if [ -e /boot/kexec_key_devices.txt ]; then
|
||||
TPM_DISK_ENCRYPTION_KEY_SET=1
|
||||
fi
|
||||
|
||||
# clear any existing checksums/signatures
|
||||
rm /boot/kexec* 2>/dev/null
|
||||
|
||||
@ -181,8 +186,10 @@ generate_checksums()
|
||||
echo "0" > /boot/kexec_hotp_counter
|
||||
fi
|
||||
|
||||
# set default boot option
|
||||
# set default boot option only if no TPM Disk Unlock Key previously set
|
||||
if [ -z "$TPM_DISK_ENCRYPTION_KEY_SET" ]; then
|
||||
set_default_boot_option
|
||||
fi
|
||||
|
||||
# generate hashes
|
||||
find /boot -type f ! -name '*kexec*' -print0 \
|
||||
|
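Review bot: `TPM_DISK_ENCRYPTION_KEY_SET` is assigned only when `/boot/kexec_key_devices.txt` exists and is never initialised in the lines shown, so the `[ -z "$TPM_DISK_ENCRYPTION_KEY_SET" ]` test in the second hunk would also honour a value inherited from the environment or left by an earlier call, and would then skip `set_default_boot_option` on a system that had no disk unlock key. Clearing it first, with `TPM_DISK_ENCRYPTION_KEY_SET=` on the line before the `if [ -e ... ]`, makes the decision depend only on the file check. The check must also stay above `rm /boot/kexec* 2>/dev/null`, which deletes the marker file it reads; a comment such as `# must run before the kexec* cleanup below, which deletes kexec_key_devices.txt` would keep a later reorder from silently disabling it. generate_checksums() starts and ends outside both hunks, so an initialisation earlier in the function may already exist.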