Check for used UEFI certificates when updating vm platform

Signed-off-by: BenjiReis <[email protected]>
xcp-ng · Dec 21, 2023 · dfa9b94 · dfa9b94
1 parent 5196f53
commit dfa9b94
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/ocaml/xapi/helpers.ml b/ocaml/xapi/helpers.ml
@@ -2047,3 +2047,13 @@ let unit_test ~__context : bool =
       true
   | None ->
       false
+
+let get_active_uefi_certificates ~__context ~self =
+  let custom_uefi_certs =
+    Db.Pool.get_custom_uefi_certificates ~__context ~self
+  in
+  match (!Xapi_globs.allow_custom_uefi_certs, custom_uefi_certs) with
+  | false, _ | true, "" ->
+      Db.Pool.get_uefi_certificates ~__context ~self
+  | true, _ ->
+      custom_uefi_certs
diff --git a/ocaml/xapi/xapi_vm.ml b/ocaml/xapi/xapi_vm.ml
@@ -290,9 +290,8 @@ let update_platform_secureboot ~__context ~self platform =
   | exception Not_found ->
       platform
   | "auto" ->
-      ( "secureboot"
-      , string_of_bool (Db.Pool.get_uefi_certificates ~__context ~self <> "")
-      )
+      let uefi_certs = Helpers.get_active_uefi_certificates ~__context ~self in
+      ("secureboot", string_of_bool (uefi_certs <> ""))
       :: List.remove_assoc "secureboot" platform
   | _ ->
       platform