From 9ff0a8b0ae0cd0d17b5e5429f451d3558c803297 Mon Sep 17 00:00:00 2001
From: Michael Hudson-Doyle <michael.hudson@canonical.com>
Date: Tue, 29 Aug 2023 14:04:04 +1200
Subject: [PATCH] Do not offer core boot based installs unless bootloader is
 UEFI

---
 subiquity/server/controllers/filesystem.py |  3 +++
 subiquity/tests/api/test_api.py            | 27 ++++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/subiquity/server/controllers/filesystem.py b/subiquity/server/controllers/filesystem.py
index 067ffa26..12dcc6e0 100644
--- a/subiquity/server/controllers/filesystem.py
+++ b/subiquity/server/controllers/filesystem.py
@@ -375,6 +375,9 @@ class FilesystemController(SubiquityController, FilesystemManipulator):
                 if not self.app.opts.enhanced_secureboot:
                     log.debug("Not offering enhanced_secureboot: commandline disabled")
                     continue
+                if self.model.bootloader != Bootloader.UEFI:
+                    log.debug("Not offering core boot based install: not a UEFI system")
+                    continue
                 info = self.info_for_system(name, label, system)
                 if info is not None:
                     self._variation_info[name] = info
diff --git a/subiquity/tests/api/test_api.py b/subiquity/tests/api/test_api.py
index 2591fda7..c6092982 100644
--- a/subiquity/tests/api/test_api.py
+++ b/subiquity/tests/api/test_api.py
@@ -673,6 +673,33 @@ class TestCore(TestAPI):
             with self.assertRaises(ClientResponseError):
                 await inst.post("/storage/v2/guided", data)
 
+    @timeout()
+    async def test_basic_no_core_boot_bios(self):
+        cfg = self.machineConfig("examples/machines/simple.json")
+        with cfg.edit() as data:
+            attrs = data["storage"]["blockdev"]["/dev/sda"]["attrs"]
+            attrs["size"] = str(25 << 30)
+        kw = dict(
+            bootloader="bios",
+            extra_args=[
+                "--storage-version",
+                "2",
+                "--source-catalog",
+                "examples/sources/install-canary.yaml",
+                "--dry-run-config",
+                "examples/dry-run-configs/tpm.yaml",
+            ],
+        )
+        async with start_server(cfg, **kw) as inst:
+            await inst.post("/source", source_id="ubuntu-desktop")
+            resp = await inst.get("/storage/v2/guided", wait=True)
+            [reformat, manual] = resp["targets"]
+            for capability in reformat["allowed"]:
+                self.assertNotIn("CORE_BOOT", capability)
+            data = dict(target=reformat, capability="CORE_BOOT_ENCRYPTED")
+            with self.assertRaises(ClientResponseError):
+                await inst.post("/storage/v2/guided", data)
+
 
 class TestAdd(TestAPI):
     @timeout()