From 8c9db904df4f59ef0d30af7cffd23bbb1f28c7d7 Mon Sep 17 00:00:00 2001
From: JMARyA <jmarya@hydrar.de>
Date: Thu, 10 Apr 2025 13:45:02 +0200
Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20optional=20secure=20boot?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 installs/full.toml | 3 +++
 src/config.rs      | 4 +++-
 src/install/mod.rs | 7 ++++++-
 src/main.rs        | 7 ++++---
 4 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/installs/full.toml b/installs/full.toml
index 48c7839..d48ea9b 100644
--- a/installs/full.toml
+++ b/installs/full.toml
@@ -47,6 +47,9 @@ gpu_driver = "NVIDIA"
 # Enable firewall
 firewall = true
 
+# Secure Boot
+secure_boot = true
+
 [pkg]
 # Additional packages
 pkg = [
diff --git a/src/config.rs b/src/config.rs
index 1854a0f..baf8d33 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -105,8 +105,10 @@ pub struct GeneralConfig {
     pub bluetooth: Option<bool>,
     /// Install Video Driver
     pub gpu_driver: Option<GPUVendor>,
-    // Eanble firewall
+    // Enable firewall
     pub firewall: Option<bool>,
+    // Want Secure Boot
+    pub secure_boot: Option<bool>,
 }
 
 #[derive(Debug, Clone, Deserialize)]
diff --git a/src/install/mod.rs b/src/install/mod.rs
index fa406bd..c2616cb 100644
--- a/src/install/mod.rs
+++ b/src/install/mod.rs
@@ -52,6 +52,7 @@ pub mod zram;
 use crate::{
     config::InstallConfig,
     pkg::{self, install_pkgs, pacstrap},
+    print_status,
 };
 
 /// Uncomment the first occurrence of a specified value in a file.
@@ -198,7 +199,11 @@ pub fn install_mnt(conf: InstallConfig, bare: bool) {
     setup_mkinitcpio(&conf.drive);
 
     if bare && has_secure_boot() {
-        setup_secure_boot();
+        if conf.general.secure_boot.unwrap_or(true) {
+            setup_secure_boot();
+        } else {
+            print_status("Skipping Secure Boot");
+        }
     }
 
     if conf.drive.encryption.is_some() {
diff --git a/src/main.rs b/src/main.rs
index e6d0d92..712e405 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -53,9 +53,6 @@ fn main() {
                 std::process::exit(1);
             }
 
-            // TODO : make secure boot configurable
-            //ensure_secure_boot();
-
             let config_file: &String = install_args.get_one("config").unwrap();
             let force = install_args.get_flag("force");
             let conf = read_conf(config_file);
@@ -66,6 +63,10 @@ fn main() {
                 expect_yes();
             }
 
+            if conf.general.secure_boot.unwrap_or(false) {
+                ensure_secure_boot();
+            }
+
             // Run the
             install(conf, true);
         }