From bc6f2e7c62bcd08177f879423188c54289694619 Mon Sep 17 00:00:00 2001
From: Kay Sievers <kay@vrfy.org>
Date: Sun, 10 Mar 2013 22:47:56 +0100
Subject: bootctl: print secure boot flags

---
 src/boot/boot-efi.c |  3 +++
 src/boot/boot.h     |  2 ++
 src/boot/bootctl.c  | 35 +++++++++++++++++++++++------------
 3 files changed, 28 insertions(+), 12 deletions(-)

(limited to 'src/boot')

diff --git a/src/boot/boot-efi.c b/src/boot/boot-efi.c
index 51f12c0c1a..9960c4d742 100644
--- a/src/boot/boot-efi.c
+++ b/src/boot/boot-efi.c
@@ -158,6 +158,9 @@ int boot_info_query(struct boot_info *info) {
         char buf[64];
         char *loader_active = NULL;
 
+        info->fw_secure_boot = is_efi_secure_boot();
+        info->fw_secure_boot_setup_mode = is_efi_secure_boot_setup_mode();
+
         efi_get_variable_string(EFI_VENDOR_LOADER, "LoaderInfo", &info->loader);
 
         get_boot_entries(info);
diff --git a/src/boot/boot.h b/src/boot/boot.h
index febee123d5..bd8dc69d3d 100644
--- a/src/boot/boot.h
+++ b/src/boot/boot.h
@@ -45,6 +45,8 @@ struct boot_info {
         sd_id128_t boot_id;
         char *fw_type;
         char *fw_info;
+        int fw_secure_boot;
+        int fw_secure_boot_setup_mode;
         struct boot_info_entry *fw_entries;
         size_t fw_entries_count;
         uint16_t *fw_entries_order;
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index 2a42898e39..35daad81c6 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -143,33 +143,44 @@ static int show_status(char **args, unsigned n) {
 
         err = boot_info_query(info);
 
-        printf("    Machine ID: %s\n", sd_id128_to_string(info->machine_id, buf));
-        printf("       Boot ID: %s\n", sd_id128_to_string(info->boot_id, buf));
+        printf("Machine:\n");
+        printf("           ID: %s\n", sd_id128_to_string(info->machine_id, buf));
+        printf("      Boot ID: %s\n", sd_id128_to_string(info->boot_id, buf));
+        printf("\n");
+
+        printf("Firmware:\n");
         if (info->fw_type)
-                printf("      Firmware: %s (%s)\n", info->fw_type, strna(info->fw_info));
+                printf("         Type: %s (%s)\n", info->fw_type, strna(info->fw_info));
+
+        if (info->fw_secure_boot >= 0)
+                printf("  Secure Boot: %s\n", info->fw_secure_boot ? "enabled" : "disabled");
+        if (info->fw_secure_boot_setup_mode >= 0)
+                printf("     Setup Mode: %s\n", info->fw_secure_boot_setup_mode ? "setup" : "user");
 
         if (info->fw_entry_active >= 0) {
-                printf("Firmware entry: %s\n", strna(info->fw_entries[info->fw_entry_active].title));
+                printf("        Title: %s\n", strna(info->fw_entries[info->fw_entry_active].title));
                 if (info->fw_entries[info->fw_entry_active].path)
-                        printf("                %s\n", info->fw_entries[info->fw_entry_active].path);
+                        printf("       Binary: %s\n", info->fw_entries[info->fw_entry_active].path);
                 if (!sd_id128_equal(info->fw_entries[info->fw_entry_active].part_uuid, SD_ID128_NULL))
-                        printf("                /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
+                        printf("    Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
                                SD_ID128_FORMAT_VAL(info->fw_entries[info->fw_entry_active].part_uuid));
         }
+        printf("\n");
 
         if (info->loader) {
-                printf("        Loader: %s\n", info->loader);
-                printf("                %s\n", strna(info->loader_image_path));
+                printf("Boot loader:\n");
+                printf("         Type: %s\n", info->loader);
+                printf("       Binary: %s\n", strna(info->loader_image_path));
                 if (!sd_id128_equal(info->loader_part_uuid, SD_ID128_NULL))
-                        printf("                /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
+                        printf("    Partition: /dev/disk/by-partuuid/%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n",
                                SD_ID128_FORMAT_VAL(info->loader_part_uuid));
 
                 if (info->loader_entry_active >= 0) {
-                        printf("  Loader entry: %s\n", strna(info->loader_entries[info->loader_entry_active].title));
-                        printf("                %s\n", info->loader_entries[info->loader_entry_active].path);
+                        printf("        Title: %s\n", strna(info->loader_entries[info->loader_entry_active].title));
+                        printf("        Entry: %s\n", info->loader_entries[info->loader_entry_active].path);
                 }
 
-                printf("Loader options: %s\n", strna(info->loader_options_added));
+                printf("      Options: %s\n", strna(info->loader_options_added));
         } else
                 printf("No suitable data is provided by the boot manager. See:\n"
                        "  http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface\n"
-- 
cgit v1.2.3-54-g00ecf