From 31d656b10af8a13202079f17f91790b6296669d9 Mon Sep 17 00:00:00 2001
From: Jarred Wilson
Date: Sun, 8 Sep 2024 20:50:24 +0000
Subject: [PATCH] fix:[#1651] Add MOTD message for SB keys - Add logic to check for SB enrollment and keys - Update motd template
---
 .../kinoite/usr/share/ublue-os/motd/bluefin.md | 2 ++
 system_files/shared/usr/libexec/ublue-motd | 14 ++++++++++++++
 .../silverblue/usr/share/ublue-os/motd/bluefin.md | 2 ++
 3 files changed, 18 insertions(+)
diff --git a/system_files/kinoite/usr/share/ublue-os/motd/bluefin.md b/system_files/kinoite/usr/share/ublue-os/motd/bluefin.md
index 614bda9d241..6f3be15a4c2 100644
--- a/system_files/kinoite/usr/share/ublue-os/motd/bluefin.md
+++ b/system_files/kinoite/usr/share/ublue-os/motd/bluefin.md
@@ -15,3 +15,5 @@ Let's trace the stars.
 - 󰊤 [Issues](https://issues.projectbluefin.io)
 - 󰈙 [Documentation](http://docs.projectbluefin.io/)
 - 󰊌 [Discuss](https://community.projectbluefin.io/)
+
+%KEY_WARN%
diff --git a/system_files/shared/usr/libexec/ublue-motd b/system_files/shared/usr/libexec/ublue-motd
index 4c77fcf1f3c..96328faab9c 100755
--- a/system_files/shared/usr/libexec/ublue-motd
+++ b/system_files/shared/usr/libexec/ublue-motd
@@ -26,3 +26,17 @@ if [[ -f "$TIP_FILE" ]]; then sed -e "s/%IMAGE_NAME%/$IMAGE_NAME_ESCAPED/g" -e "s/%IMAGE_TAG%/$IMAGE_TAG_ESCAPED/g" -e "s/%TIP%/$TIP_ESCAPED/g" /usr/share/ublue-os/motd/bluefin.md | tr '~' '\n' | /usr/bin/glow -s auto -w 78 - fi + +# check for secure boot key +KEY_WARN="" +FINGERPRINT="2B:E9:91:E3:B1:B5:40:70:F4:3D:80:BB:13:EB:C6:57:E5:A3:78:0D" +mokutil --list-enrolled | grep -q $FINGERPRINT +ENROLLED=$? +mokutil --sb-state | grep -q enabled +SB_ENABLED=$? + +if [ $ENROLL -eq 1 ] && [ $SB_ENABLED -eq 0 ]; then + KEY_WARN="WARNING: This machine has secure boot turned on but you haven't enrolled Universal Blue's keys. \nFailing to enroll these before rebooting may cause your system to fail to boot. \nFollow https://docs.projectbluefin.io/introduction#secure-boot for instructions on how to enroll the keys." +fi + +sed -e "s/%KEY_WARN%/$KEY_WARN/g" /usr/share/ublue-os/motd/bluefin.md | tr '~' '\n' | /usr/bin/glow -s auto -w 78 - \ No newline at end of file diff --git a/system_files/silverblue/usr/share/ublue-os/motd/bluefin.md b/system_files/silverblue/usr/share/ublue-os/motd/bluefin.md index 015d17a4656..119db38cd0b 100644 --- a/system_files/silverblue/usr/share/ublue-os/motd/bluefin.md +++ b/system_files/silverblue/usr/share/ublue-os/motd/bluefin.md @@ -15,3 +15,5 @@ - 󰈙 [Documentation](http://docs.projectbluefin.io/) - 󰊌 [Discuss](https://community.projectbluefin.io/) - 󰊌 [Leave Feedback](https://feedback.projectbluefin.io) + + %KEY_WARN%
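Review bot: In ublue-motd the Secure Boot warning can never be shown, because the grep result is stored in `ENROLLED` but the test reads the unset `$ENROLL`, so `[ $ENROLL -eq 1 ]` errors out and the branch is skipped; it should read `if [ "$ENROLLED" -ne 0 ] && [ "$SB_ENABLED" -eq 0 ]; then`. Once that is fixed, `$KEY_WARN` carries an `https://…` URL and is spliced unescaped into `s/%KEY_WARN%/$KEY_WARN/g`, so sed rejects the expression at the first slash; escape it the way the other `*_ESCAPED` values are, or use another delimiter such as `sed -e "s|%KEY_WARN%|$KEY_WARN|g"`. The added `sed … | glow` also renders bluefin.md a second time, leaving `%KEY_WARN%` unreplaced in the first copy and `%IMAGE_NAME%`/`%IMAGE_TAG%`/`%TIP%` unreplaced in the second, so the check would be better placed before the existing pipeline (visible here only as context) with the new `-e` added to it. mokutil appears to print fingerprints in lower case (worth confirming on a test machine), in which case the upper-case constant never matches and the line should be `mokutil --list-enrolled | grep -qi "$FINGERPRINT"`.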