several: add --no-enhanced-secureboot flag
It really disables all core boot types, but this is the only planned core boot type at this point.
parent
05892f41c7
commit
5cdf879a55
|
@ -129,6 +129,13 @@ def make_server_args_parser():
|
||||||
default=".subiquity",
|
default=".subiquity",
|
||||||
help="in dryrun, control basedir of files",
|
help="in dryrun, control basedir of files",
|
||||||
)
|
)
|
||||||
|
parser.add_argument(
|
||||||
|
"--no-enhanced-secureboot",
|
||||||
|
dest="enhanced_secureboot",
|
||||||
|
action="store_false",
|
||||||
|
default=True,
|
||||||
|
)
|
||||||
|
|
||||||
parser.add_argument("--storage-version", action="store", type=int)
|
parser.add_argument("--storage-version", action="store", type=int)
|
||||||
parser.add_argument("--use-os-prober", action="store_true", default=False)
|
parser.add_argument("--use-os-prober", action="store_true", default=False)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
|
|
|
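Review bot: The new `--no-enhanced-secureboot` argument has no `help=` string, and its name is narrower than its effect: per the commit description it disables every core boot variation, not only the enhanced secure boot one. Since the option turns off an install path that can use the TPM, `--help` should state what is being disabled, e.g. `help="do not offer core boot (enhanced secureboot) install variations"`. A one-line comment above the call saying that the option gates all core boot types would keep the name from misleading later readers.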
@ -373,6 +373,9 @@ class FilesystemController(SubiquityController, FilesystemManipulator):
|
||||||
system = await self._get_system(name, label)
|
system = await self._get_system(name, label)
|
||||||
log.debug("got system %s for variation %s", system, name)
|
log.debug("got system %s for variation %s", system, name)
|
||||||
if system is not None and len(system.volumes) > 0:
|
if system is not None and len(system.volumes) > 0:
|
||||||
|
if not self.app.opts.enhanced_secureboot:
|
||||||
|
log.debug("Not offering enhanced_secureboot: commandline disabled")
|
||||||
|
continue
|
||||||
info = self.info_for_system(name, label, system)
|
info = self.info_for_system(name, label, system)
|
||||||
if info is not None:
|
if info is not None:
|
||||||
self._variation_info[name] = info
|
self._variation_info[name] = info
|
||||||
|
@ -607,6 +610,10 @@ class FilesystemController(SubiquityController, FilesystemManipulator):
|
||||||
disk = self.model._one(id=choice.target.disk_id)
|
disk = self.model._one(id=choice.target.disk_id)
|
||||||
|
|
||||||
if self.is_core_boot_classic():
|
if self.is_core_boot_classic():
|
||||||
|
if not self.app.opts.enhanced_secureboot:
|
||||||
|
raise ValueError(
|
||||||
|
"Not using enhanced_secureboot: disabled on commandline"
|
||||||
|
)
|
||||||
assert isinstance(choice.target, GuidedStorageTargetReformat)
|
assert isinstance(choice.target, GuidedStorageTargetReformat)
|
||||||
self.use_tpm = choice.capability == GuidedCapability.CORE_BOOT_ENCRYPTED
|
self.use_tpm = choice.capability == GuidedCapability.CORE_BOOT_ENCRYPTED
|
||||||
await self.guided_core_boot(disk)
|
await self.guided_core_boot(disk)
|
||||||
|
|
|
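Review bot: In the guided-handler hunk, a request that selects a core boot capability while the option is disabled is rejected with a bare `ValueError`, a generic exception for a condition caused by the client's request. How the server turns that into an HTTP response is not visible here; if uncaught exceptions become a 500, a client asking for a capability that was never offered would be recorded as a server fault rather than a refused request. Enforcing the option server-side is the right call, because a client can POST a capability that was not in `allowed`. I would say so in a comment above the `raise`, e.g. `# enforce here too: clients can request a capability that was not offered`, and include `choice.capability` in the message. The enclosing method starts and ends outside the hunk.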
@ -644,6 +644,34 @@ class TestCore(TestAPI):
|
||||||
self.assertDictSubset(dict(mount=None), p3)
|
self.assertDictSubset(dict(mount=None), p3)
|
||||||
self.assertDictSubset(dict(mount="/"), p4)
|
self.assertDictSubset(dict(mount="/"), p4)
|
||||||
|
|
||||||
|
@timeout()
|
||||||
|
async def test_basic_core_boot_cmdline_disable(self):
|
||||||
|
cfg = self.machineConfig("examples/machines/simple.json")
|
||||||
|
with cfg.edit() as data:
|
||||||
|
attrs = data["storage"]["blockdev"]["/dev/sda"]["attrs"]
|
||||||
|
attrs["size"] = str(25 << 30)
|
||||||
|
kw = dict(
|
||||||
|
bootloader="uefi",
|
||||||
|
extra_args=[
|
||||||
|
"--storage-version",
|
||||||
|
"2",
|
||||||
|
"--source-catalog",
|
||||||
|
"examples/sources/install-canary.yaml",
|
||||||
|
"--dry-run-config",
|
||||||
|
"examples/dry-run-configs/tpm.yaml",
|
||||||
|
"--no-enhanced-secureboot",
|
||||||
|
],
|
||||||
|
)
|
||||||
|
async with start_server(cfg, **kw) as inst:
|
||||||
|
await inst.post("/source", source_id="ubuntu-desktop")
|
||||||
|
resp = await inst.get("/storage/v2/guided", wait=True)
|
||||||
|
[reformat, manual] = resp["targets"]
|
||||||
|
for capability in reformat["allowed"]:
|
||||||
|
self.assertNotIn("CORE_BOOT", capability)
|
||||||
|
data = dict(target=reformat, capability="CORE_BOOT_ENCRYPTED")
|
||||||
|
with self.assertRaises(ClientResponseError):
|
||||||
|
await inst.post("/storage/v2/guided", data)
|
||||||
|
|
||||||
|
|
||||||
class TestAdd(TestAPI):
|
class TestAdd(TestAPI):
|
||||||
@timeout()
|
@timeout()
|
||||||
|
|
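Review bot: The loop over `reformat["allowed"]` in `test_basic_core_boot_cmdline_disable` passes vacuously when the list is empty, so the test would not notice if the option removed every capability instead of only the core boot ones. If at least one non-core-boot capability is expected for this machine config, add `self.assertTrue(reformat["allowed"])` before the loop. The `assertRaises(ClientResponseError)` block also accepts any error status; binding it with `as ctx` and asserting on `ctx.exception.status` would pin that the POST is refused for the intended reason.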