Display boot type information (EFI, BIOS, Secure Boot, etc.) #19368
Comments
It seems like if you read
GNOME 45, just released, has included more system information and moved most of the system-level stuff to a popup window. Here's what it looks like (after I moved the window to the side a bit, to show both parts of the information). Is there anything useful in there that we should also include? WDYT?
Firmware and kernel versions are potentially interesting. Some of the other things like CPU type we have tucked away inside of "Hardware details" and I think they belong there...
My security panel also has "Linux Kernel Lockdown" (I guess that means no unsigned modules) and "Encrypted RAM". Those are potentially nice for the "Hardware details" panel as well? For me I guess the top-level interesting item is "Secure Boot is enabled" and indeed GNOME also gives it top billing with its own large indicator at the top of the page.
Linux Kernel lockdown is a sysctl / kernel option. Feels a bit weird to mix that with "Hardware details". https://man7.org/linux/man-pages/man7/kernel_lockdown.7.html
Seems pretty easy to achieve indeed: diff --git a/pkg/systemd/hw-detect.js b/pkg/systemd/hw-detect.js
index 925116def..305b11a9c 100644
--- a/pkg/systemd/hw-detect.js
+++ b/pkg/systemd/hw-detect.js
@@ -120,6 +120,17 @@ function findMemoryDevices(udevdb, info) {
info.memory = memoryArray;
}
+async function getBootType() {
+ try {
+ await cockpit.script("test -f /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c");
+ } catch {
+ return "BIOS or Legacy";
+ }
+
+ const result = await cockpit.script("od -j4 --address-radix=n --format=u1 /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c");
+ return `EFI (Secure Boot ${result.trim() == "1" ? "enabled" : "disabled"})`;
+}
+
export default function detect() {
const info = { system: {}, pci: [], memory: [] };
const tasks = [];
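Review bot: in `getBootType()`, the `catch` around the `test -f` script turns every failure into "BIOS or Legacy", including the case where the script could not be run at all or where the SecureBoot variable is missing on an EFI system. Consider checking for the `/sys/firmware/efi` directory separately from the variable and returning an unknown state for other errors. The returned strings are also not passed through `_()`, and `result.trim() == "1"` could use `===`.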
@@ -154,6 +165,11 @@ export default function detect() {
return true;
}));
+ tasks.push(getBootType()
+ .then(result => {
+ info.system.boot_type = result;
+ }));
+
// Fallback if systemd < 248
if (info.memory.length === 0) {
tasks.push(machine_info.memory_info()
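Review bot: the `getBootType().then(...)` promise pushed onto `tasks` has no rejection handler, and the `od` call in `getBootType()` sits outside its `try`, so a failed read of the variable rejects this task. Add a `.catch()` here that leaves `info.system.boot_type` unset (or sets an unknown value) so that an unreadable variable cannot propagate to whatever awaits `tasks`.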
diff --git a/pkg/systemd/hwinfo.jsx b/pkg/systemd/hwinfo.jsx
index 53e971390..f0dc022a7 100644
--- a/pkg/systemd/hwinfo.jsx
+++ b/pkg/systemd/hwinfo.jsx
@@ -111,6 +111,10 @@ class SystemInfo extends React.Component {
<DescriptionListDescription>{ bios_date ? timeformat.date(bios_date) : info.bios_date }</DescriptionListDescription>
</DescriptionListGroup>
</> }
+ <DescriptionListGroup>
+ <DescriptionListTerm>{ _("Boot type") }</DescriptionListTerm>
+ <DescriptionListDescription>{ info.boot_type }</DescriptionListDescription>
+ </DescriptionListGroup>
{ info.nproc !== undefined && <>
<DescriptionListGroup>
<DescriptionListTerm>{ _("CPU") }</DescriptionListTerm> |
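Review bot: the new "Boot type" `DescriptionListGroup` is rendered unconditionally, while the CPU group right after it is guarded with `info.nproc !== undefined &&`, so when `info.boot_type` is not set the row appears with an empty value. Guard it the same way, for example on `info.boot_type !== undefined`. The label goes through `_()` but the value is displayed as the raw English string built in `hw-detect.js`.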
Cool! I would have imagined using a single cockpit.file('/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c', {binary: true}).read() though.
Yep I never noticed that extra flag, that works :)
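With a binary read, the caller gets the raw efivarfs bytes and has to skip the 4-byte attribute word that `od -j4` skipped in the patch. The following is an added example, not code from this thread or from Cockpit: the function names and the "state unknown" label are assumptions, and the input is assumed to be a `Uint8Array`, or `null` when the file does not exist.

```javascript
// Added example, not from the Cockpit code base.
// efivarfs layout: 4 bytes of variable attributes (little-endian u32),
// followed by the variable data. For SecureBoot the data is a single byte.
const EFI_ATTRS = [
    [0x01, "NON_VOLATILE"],
    [0x02, "BOOTSERVICE_ACCESS"],
    [0x04, "RUNTIME_ACCESS"],
];

// content: Uint8Array from a binary read of the efivar file, or null if absent
function parseSecureBootVar(content) {
    if (content === null || content === undefined)
        return { firmware: "bios-or-legacy", secureBoot: null, attributes: [] };
    // A truncated read is reported as unknown, never as "disabled".
    if (content.length < 5)
        return { firmware: "efi", secureBoot: null, attributes: [] };

    // Honour byteOffset so that subarray views are parsed correctly.
    const view = new DataView(content.buffer, content.byteOffset, content.byteLength);
    const attrs = view.getUint32(0, true);
    const value = content[4];
    return {
        firmware: "efi",
        // Only 0 and 1 are defined values; anything else is unknown.
        secureBoot: value === 1 ? true : value === 0 ? false : null,
        attributes: EFI_ATTRS.filter(([bit]) => attrs & bit).map(([, name]) => name),
    };
}

// Produces the same display strings as the patch, plus an assumed "unknown" label.
function describeBootType(content) {
    const { firmware, secureBoot } = parseSecureBootVar(content);
    if (firmware !== "efi")
        return "BIOS or Legacy";
    if (secureBoot === null)
        return "EFI (Secure Boot state unknown)";
    return `EFI (Secure Boot ${secureBoot ? "enabled" : "disabled"})`;
}

// Constructed sample: attributes 0x00000006, data byte 1
const sample = Uint8Array.from([0x06, 0x00, 0x00, 0x00, 0x01]);
console.log(describeBootType(sample));
```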
@allisonkarlitskaya the int test
Hello @allisonkarlitskaya, can I work on this issue? I am new to this project and looking for good first issues.
There is already a Pull Request open for this issue, so I would suggest looking into a different issue.
Is this issue still open? Can I contribute?
We need more than that... We also need to know if we're using a "fake-UEFI" like U-Boot (on ARM and RISC-V).
Possibly nice feature that would fit in nicely in the "System information" card.
If it's possible to determine it, show a "Boot type" indicator which could be one of: