Skip to content

Commit dfa9b94

Browse files
benjamreisbenjamreis
committed
Check for used UEFI certificates when updating vm platform
Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
1 parent 5196f53 commit dfa9b94

File tree

2 files changed

+12
-3
lines changed

2 files changed

+12
-3
lines changed

ocaml/xapi/helpers.ml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2047,3 +2047,13 @@ let unit_test ~__context : bool =
20472047
true
20482048
| None ->
20492049
false
2050+
2051+
let get_active_uefi_certificates ~__context ~self =
2052+
let custom_uefi_certs =
2053+
Db.Pool.get_custom_uefi_certificates ~__context ~self
2054+
in
2055+
match (!Xapi_globs.allow_custom_uefi_certs, custom_uefi_certs) with
2056+
| false, _ | true, "" ->
2057+
Db.Pool.get_uefi_certificates ~__context ~self
2058+
| true, _ ->
2059+
custom_uefi_certs

ocaml/xapi/xapi_vm.ml

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -290,9 +290,8 @@ let update_platform_secureboot ~__context ~self platform =
290290
| exception Not_found ->
291291
platform
292292
| "auto" ->
293-
( "secureboot"
294-
, string_of_bool (Db.Pool.get_uefi_certificates ~__context ~self <> "")
295-
)
293+
let uefi_certs = Helpers.get_active_uefi_certificates ~__context ~self in
294+
("secureboot", string_of_bool (uefi_certs <> ""))
296295
:: List.remove_assoc "secureboot" platform
297296
| _ ->
298297
platform

0 commit comments

Comments
 (0)