Class: Bootloader::Systeminfo
- Inherits:
-
Object
- Object
- Bootloader::Systeminfo
- Extended by:
- Yast::Logger
- Defined in:
- src/lib/bootloader/systeminfo.rb
Overview
Provide system and architecture dependent information
Class Method Summary collapse
- .efi? ⇒ Boolean
-
.efi_arch ⇒ String
Effective UEFI architecture.
-
.efi_mandatory? ⇒ Boolean
Check if EFI mandatory on this system.
-
.efi_platform_size ⇒ Integer
UEFI platform size (32 or 64 bits).
-
.efi_supported? ⇒ Boolean
Check if UEFI is available on this system.
-
.efi_used?(bootloader_name) ⇒ Boolean
Check if UEFI will be used.
-
.nvram_available?(bootloader_name = nil) ⇒ Boolean
Check if the system is expected to have nvram - ie.
-
.ppc_secure_boot ⇒ Object
Return secure boot status on ppc.
-
.ppc_secure_boot_active? ⇒ Boolean
Check if secure boot is currently active on an ppc machine.
-
.ppc_secure_boot_available? ⇒ Boolean
Check if secure boot is (in principle) available on an ppc machine.
-
.ppc_secure_boot_supported? ⇒ Boolean
Check if secure boot is supported with the current setup.
-
.s390_secure_boot_active? ⇒ Boolean
Check if secure boot is currently active on an s390 machine.
-
.s390_secure_boot_available? ⇒ Boolean
Check if secure boot is (in principle) available on an s390 machine.
-
.s390_secure_boot_supported? ⇒ Boolean
Check if secure boot is supported with the current setup.
-
.scsi?(device) ⇒ Boolean
Check if device is a SCSI device.
-
.secure_boot_active? ⇒ Boolean
Check current secure boot state.
-
.secure_boot_available?(bootloader_name) ⇒ Boolean
Check if secure boot is configurable with a bootloader.
-
.secure_boot_supported? ⇒ Boolean
Check if secure boot is in principle supported.
-
.shim_needed?(bootloader_name, secure_boot) ⇒ Boolean
Check if shim-install should be used instead of grub2-install.
-
.trusted_boot_active? ⇒ Boolean
Check current trusted boot state.
-
.trusted_boot_available?(bootloader_name) ⇒ Boolean
Check if trusted boot is configurable with a bootloader.
- .update_nvram_active? ⇒ Boolean
-
.writable_efivars? ⇒ Boolean
Checks if efivars exists and can be written The point here is that without writable UEFI variables the UEFI boot manager cannot (and must not) be updated.
-
.zipl_device ⇒ Y2Storage::Partition, NilClass
The partition where zipl is installed.
Class Method Details
.efi? ⇒ Boolean
262 263 264 |
# File 'src/lib/bootloader/systeminfo.rb', line 262 def efi? Y2Storage::Arch.new.efiboot? end |
.efi_arch ⇒ String
Effective UEFI architecture.
Usually the same as the architecture except on x86_64 where it depends on the platform size.
136 137 138 139 140 |
# File 'src/lib/bootloader/systeminfo.rb', line 136 def efi_arch arch = Yast::Arch.architecture arch = "i386" if arch == "x86_64" && efi_platform_size == 32 arch end |
.efi_mandatory? ⇒ Boolean
Check if EFI mandatory on this system.
103 104 105 |
# File 'src/lib/bootloader/systeminfo.rb', line 103 def efi_mandatory? Yast::Arch.aarch64 || Yast::Arch.arm || Yast::Arch.riscv64 end |
.efi_platform_size ⇒ Integer
UEFI platform size (32 or 64 bits).
On x86_64 systems both variants are possible.
122 123 124 125 126 127 128 |
# File 'src/lib/bootloader/systeminfo.rb', line 122 def efi_platform_size bits = File.read("/sys/firmware/efi/fw_platform_size").to_i log.info "EFI platform size: #{bits}" bits rescue StandardError 0 end |
.efi_supported? ⇒ Boolean
Check if UEFI is available on this system.
It need not currently be used. It should just be possible to put the system into UEFI mode.
97 98 99 |
# File 'src/lib/bootloader/systeminfo.rb', line 97 def efi_supported? Yast::Arch.x86_64 || Yast::Arch.i386 || efi_mandatory? end |
.efi_used?(bootloader_name) ⇒ Boolean
Check if UEFI will be used.
param bootloader_name [String] bootloader name
87 88 89 |
# File 'src/lib/bootloader/systeminfo.rb', line 87 def efi_used?(bootloader_name) ["grub2-efi", "systemd-boot"].include?(bootloader_name) end |
.nvram_available?(bootloader_name = nil) ⇒ Boolean
Check if the system is expected to have nvram - ie. update_nvram_active? makes a difference
60 61 62 |
# File 'src/lib/bootloader/systeminfo.rb', line 60 def nvram_available?(bootloader_name = nil) (bootloader_name ? efi_used?(bootloader_name) : efi_supported?) || Yast::Arch.ppc end |
.ppc_secure_boot ⇒ Object
Return secure boot status on ppc
nil - no support 0 - disabled 1 - enabled in audit-only mode 2+ - enabled in enforcing mode
192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 |
# File 'src/lib/bootloader/systeminfo.rb', line 192 def ppc_secure_boot # see bsc#1192764 result = nil return nil unless Yast::Arch.ppc begin result = File.read("/proc/device-tree/ibm,secure-boot") result = result.unpack1("N") log.info "reading ibm,secure-boot result #{result}" rescue StandardError => e log.info "reading ibm,secure-boot failed with #{e}" result = nil end result end |
.ppc_secure_boot_active? ⇒ Boolean
Check if secure boot is currently active on an ppc machine.
The 'real' state, not any config file setting.
229 230 231 232 |
# File 'src/lib/bootloader/systeminfo.rb', line 229 def ppc_secure_boot_active? # see bsc#1192764 ppc_secure_boot.to_i > 0 end |
.ppc_secure_boot_available? ⇒ Boolean
Check if secure boot is (in principle) available on an ppc machine.
211 212 213 214 |
# File 'src/lib/bootloader/systeminfo.rb', line 211 def ppc_secure_boot_available? # see bsc#1192764 !ppc_secure_boot.nil? end |
.ppc_secure_boot_supported? ⇒ Boolean
Check if secure boot is supported with the current setup.
220 221 222 |
# File 'src/lib/bootloader/systeminfo.rb', line 220 def ppc_secure_boot_supported? ppc_secure_boot_available? end |
.s390_secure_boot_active? ⇒ Boolean
Check if secure boot is currently active on an s390 machine.
The 'real' state, not any config file setting.
174 175 176 177 178 179 180 181 182 183 184 |
# File 'src/lib/bootloader/systeminfo.rb', line 174 def s390_secure_boot_active? return false unless Yast::Arch.s390 # see jsc#SLE-9425 res = File.read("/sys/firmware/ipl/secure", 1) log.info "s390 secure: #{res}" res == "1" rescue StandardError false end |
.s390_secure_boot_available? ⇒ Boolean
Check if secure boot is (in principle) available on an s390 machine.
145 146 147 148 149 150 151 152 153 154 155 |
# File 'src/lib/bootloader/systeminfo.rb', line 145 def s390_secure_boot_available? # see jsc#SLE-9425 return false unless Yast::Arch.s390 res = File.read("/sys/firmware/ipl/has_secure", 1) log.info "s390 has secure: #{res}" res == "1" rescue StandardError false end |
.s390_secure_boot_supported? ⇒ Boolean
Check if secure boot is supported with the current setup.
The catch here is that secure boot works only with SCSI disks.
163 164 165 166 167 |
# File 'src/lib/bootloader/systeminfo.rb', line 163 def s390_secure_boot_supported? return false unless Yast::Arch.s390 s390_secure_boot_available? && scsi?(zipl_device) end |
.scsi?(device) ⇒ Boolean
Check if device is a SCSI device.
param device [Y2Storage::Partition, NilClass] partition device (or nil)
253 254 255 256 257 258 259 260 |
# File 'src/lib/bootloader/systeminfo.rb', line 253 def scsi?(device) # checking if device name starts with 'sd' is not enough: it could # be a device mapper target (e.g. multipath) # see bsc#1171821 device.name.start_with?("/dev/sd") || device.udev_ids.any?(/^scsi-/) rescue StandardError false end |
.secure_boot_active? ⇒ Boolean
Check current secure boot state.
This reflects settings on OS level. If secure boot is not supported, it returns false.
22 23 24 25 |
# File 'src/lib/bootloader/systeminfo.rb', line 22 def secure_boot_active? secure_boot_supported? && Sysconfig.from_system.secure_boot end |
.secure_boot_available?(bootloader_name) ⇒ Boolean
Check if secure boot is configurable with a bootloader.
41 42 43 44 45 46 |
# File 'src/lib/bootloader/systeminfo.rb', line 41 def secure_boot_available?(bootloader_name) # no shim for i386 (yet) return false if efi_arch == "i386" efi_used?(bootloader_name) || s390_secure_boot_available? || ppc_secure_boot_available? end |
.secure_boot_supported? ⇒ Boolean
Check if secure boot is in principle supported.
30 31 32 33 34 35 |
# File 'src/lib/bootloader/systeminfo.rb', line 30 def secure_boot_supported? # no shim for i386 (yet) return false if efi_arch == "i386" efi_supported? || s390_secure_boot_supported? || ppc_secure_boot_supported? end |
.shim_needed?(bootloader_name, secure_boot) ⇒ Boolean
Check if shim-install should be used instead of grub2-install.
param bootloader_name [String] bootloader name param secure_boot [Boolean] secure boot setting
112 113 114 115 |
# File 'src/lib/bootloader/systeminfo.rb', line 112 def shim_needed?(bootloader_name, secure_boot) (Yast::Arch.x86_64 || Yast::Arch.i386 || Yast::Arch.aarch64) && secure_boot && efi_used?(bootloader_name) end |
.trusted_boot_active? ⇒ Boolean
Check current trusted boot state.
ATM this just returns the config file setting.
53 54 55 56 57 |
# File 'src/lib/bootloader/systeminfo.rb', line 53 def trusted_boot_active? # FIXME: this should probably be a real check as in Grub2Widget#validate # and then Grub2Widget#validate could use Systeminfo.trusted_boot_active? Sysconfig.from_system.trusted_boot end |
.trusted_boot_available?(bootloader_name) ⇒ Boolean
Check if trusted boot is configurable with a bootloader.
param bootloader_name [String] bootloader name
72 73 74 75 76 77 78 79 80 81 |
# File 'src/lib/bootloader/systeminfo.rb', line 72 def trusted_boot_available?(bootloader_name) # TPM availability is must have return false unless File.exist?("/dev/tpm0") # for details about grub2 efi trusted boot support see FATE#315831 ( bootloader_name == "grub2" && (Yast::Arch.x86_64 || Yast::Arch.i386) ) || bootloader_name == "grub2-efi" end |
.update_nvram_active? ⇒ Boolean
64 65 66 |
# File 'src/lib/bootloader/systeminfo.rb', line 64 def update_nvram_active? Sysconfig.from_system.update_nvram end |
.writable_efivars? ⇒ Boolean
Checks if efivars exists and can be written The point here is that without writable UEFI variables the UEFI boot manager cannot (and must not) be updated.
273 274 275 276 |
# File 'src/lib/bootloader/systeminfo.rb', line 273 def writable_efivars? storage_arch = Y2Storage::Arch.new storage_arch.efiboot? && storage_arch.efibootmgr? end |
.zipl_device ⇒ Y2Storage::Partition, NilClass
The partition where zipl is installed.
237 238 239 240 241 242 243 244 245 246 |
# File 'src/lib/bootloader/systeminfo.rb', line 237 def zipl_device staging = Y2Storage::StorageManager.instance.staging mountpoint = Y2Storage::MountPoint.find_by_path(staging, "/boot/zipl").first || Y2Storage::MountPoint.find_by_path(staging, "/boot").first || Y2Storage::MountPoint.find_by_path(staging, "/").first mountpoint.filesystem.blk_devices.first rescue StandardError nil end |