🩹 fix secure boot

src/install/mod.rs

@@ -18,7 +18,7 @@ use gpu::setup_video_drivers;
 use kernel::setup_mkinitcpio;
 use navos::setup_navos;
 use ollama::setup_ollama;
-use security::{setup_secure_boot, setup_tpm_unlock};
+use security::{has_secure_boot, setup_secure_boot, setup_tpm_unlock};
 use skel::setup_skel;
 use ssh::setup_ssh;
 use user::setup_users;
@@ -190,7 +190,8 @@ pub fn install_mnt(conf: InstallConfig, bare: bool) {
     setup_fstrim();
     setup_bootloader();
     setup_mkinitcpio(&conf.drive);
-    if bare {
+
+    if bare && has_secure_boot() {
         setup_secure_boot();
     }
 

src/install/security.rs

@@ -4,7 +4,7 @@ use yansi::{Color, Paint};
 
 use crate::{
     config::DriveConfig,
-    linux::{arch_chroot, install_file, run_command, systemd_service_enable},
+    linux::{arch_chroot, install_file, run_command, run_command_noerr, systemd_service_enable},
     pkg::install_pkgs,
 };
 
@@ -49,12 +49,20 @@ pub fn setup_tpm_unlock(conf: &DriveConfig) {
 
 // SECURE BOOT
 
-pub fn ensure_secure_boot() {
-    let (stdout, _) = run_command(&["sbctl", "status"], None, false);
+pub fn has_secure_boot() -> bool {
+    let (stdout, _) = run_command_noerr(&["sbctl", "status"], None, false);
     let binding = stdout.lines().collect::<Vec<&str>>();
     let status = binding.get(1).unwrap();
 
-    if !status.contains("Setup Mode") || !status.contains("Enabled") {
+    if status.contains("Setup Mode") || status.contains("Enabled") {
+        return true;
+    }
+
+    false
+}
+
+pub fn ensure_secure_boot() {
+    if !has_secure_boot() {
         println!(
             "{}",
             "[!] Secure Boot is not in Setup Mode".paint(Color::Red)

src/main.rs

@@ -53,7 +53,8 @@ fn main() {
                 std::process::exit(1);
             }
 
-            ensure_secure_boot();
+            // TODO : make secure boot configurable
+            //ensure_secure_boot();
 
             let config_file: &String = install_args.get_one("config").unwrap();
             let force = install_args.get_flag("force");