From dfa9b94b2c541f20ce6f48105f7dff58fd8124af Mon Sep 17 00:00:00 2001 From: BenjiReis Date: Wed, 22 Nov 2023 10:49:17 +0100 Subject: [PATCH] Check for used UEFI certificates when updating vm platform Signed-off-by: BenjiReis --- ocaml/xapi/helpers.ml | 10 ++++++++++ ocaml/xapi/xapi_vm.ml | 5 ++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/ocaml/xapi/helpers.ml b/ocaml/xapi/helpers.ml index c31ed7895ec..6a0b2cb826f 100644 --- a/ocaml/xapi/helpers.ml +++ b/ocaml/xapi/helpers.ml @@ -2047,3 +2047,13 @@ let unit_test ~__context : bool = true | None -> false + +let get_active_uefi_certificates ~__context ~self = + let custom_uefi_certs = + Db.Pool.get_custom_uefi_certificates ~__context ~self + in + match (!Xapi_globs.allow_custom_uefi_certs, custom_uefi_certs) with + | false, _ | true, "" -> + Db.Pool.get_uefi_certificates ~__context ~self + | true, _ -> + custom_uefi_certs diff --git a/ocaml/xapi/xapi_vm.ml b/ocaml/xapi/xapi_vm.ml index c9aefc94b83..d6c6c35f4b2 100644 --- a/ocaml/xapi/xapi_vm.ml +++ b/ocaml/xapi/xapi_vm.ml @@ -290,9 +290,8 @@ let update_platform_secureboot ~__context ~self platform = | exception Not_found -> platform | "auto" -> - ( "secureboot" - , string_of_bool (Db.Pool.get_uefi_certificates ~__context ~self <> "") - ) + let uefi_certs = Helpers.get_active_uefi_certificates ~__context ~self in + ("secureboot", string_of_bool (uefi_certs <> "")) :: List.remove_assoc "secureboot" platform | _ -> platform