Merge pull request #1771 from dbungert/esb-feature-flag
several: add --no-enhanced-secureboot flag
This commit is contained in:
commit
443c87dc91
|
@ -129,6 +129,13 @@ def make_server_args_parser():
|
|||
default=".subiquity",
|
||||
help="in dryrun, control basedir of files",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--no-enhanced-secureboot",
|
||||
dest="enhanced_secureboot",
|
||||
action="store_false",
|
||||
default=True,
|
||||
)
|
||||
|
||||
parser.add_argument("--storage-version", action="store", type=int)
|
||||
parser.add_argument("--use-os-prober", action="store_true", default=False)
|
||||
parser.add_argument(
|
||||
|
|
|
@ -373,6 +373,9 @@ class FilesystemController(SubiquityController, FilesystemManipulator):
|
|||
system = await self._get_system(name, label)
|
||||
log.debug("got system %s for variation %s", system, name)
|
||||
if system is not None and len(system.volumes) > 0:
|
||||
if not self.app.opts.enhanced_secureboot:
|
||||
log.debug("Not offering enhanced_secureboot: commandline disabled")
|
||||
continue
|
||||
info = self.info_for_system(name, label, system)
|
||||
if info is not None:
|
||||
self._variation_info[name] = info
|
||||
|
@ -607,6 +610,10 @@ class FilesystemController(SubiquityController, FilesystemManipulator):
|
|||
disk = self.model._one(id=choice.target.disk_id)
|
||||
|
||||
if self.is_core_boot_classic():
|
||||
if not self.app.opts.enhanced_secureboot:
|
||||
raise ValueError(
|
||||
"Not using enhanced_secureboot: disabled on commandline"
|
||||
)
|
||||
assert isinstance(choice.target, GuidedStorageTargetReformat)
|
||||
self.use_tpm = choice.capability == GuidedCapability.CORE_BOOT_ENCRYPTED
|
||||
await self.guided_core_boot(disk)
|
||||
|
|
|
@ -644,6 +644,34 @@ class TestCore(TestAPI):
|
|||
self.assertDictSubset(dict(mount=None), p3)
|
||||
self.assertDictSubset(dict(mount="/"), p4)
|
||||
|
||||
@timeout()
|
||||
async def test_basic_core_boot_cmdline_disable(self):
|
||||
cfg = self.machineConfig("examples/machines/simple.json")
|
||||
with cfg.edit() as data:
|
||||
attrs = data["storage"]["blockdev"]["/dev/sda"]["attrs"]
|
||||
attrs["size"] = str(25 << 30)
|
||||
kw = dict(
|
||||
bootloader="uefi",
|
||||
extra_args=[
|
||||
"--storage-version",
|
||||
"2",
|
||||
"--source-catalog",
|
||||
"examples/sources/install-canary.yaml",
|
||||
"--dry-run-config",
|
||||
"examples/dry-run-configs/tpm.yaml",
|
||||
"--no-enhanced-secureboot",
|
||||
],
|
||||
)
|
||||
async with start_server(cfg, **kw) as inst:
|
||||
await inst.post("/source", source_id="ubuntu-desktop")
|
||||
resp = await inst.get("/storage/v2/guided", wait=True)
|
||||
[reformat, manual] = resp["targets"]
|
||||
for capability in reformat["allowed"]:
|
||||
self.assertNotIn("CORE_BOOT", capability)
|
||||
data = dict(target=reformat, capability="CORE_BOOT_ENCRYPTED")
|
||||
with self.assertRaises(ClientResponseError):
|
||||
await inst.post("/storage/v2/guided", data)
|
||||
|
||||
|
||||
class TestAdd(TestAPI):
|
||||
@timeout()
|
||||
|
|
Loading…
Reference in New Issue