diff --git a/pkg/systemd/hw-detect.js b/pkg/systemd/hw-detect.js
index 925116defcc7..1c022c70e0fe 100644
--- a/pkg/systemd/hw-detect.js
+++ b/pkg/systemd/hw-detect.js
@@ -120,6 +120,16 @@ function findMemoryDevices(udevdb, info) {
info.memory = memoryArray;
}
+async function getBootType() {
+ const secure_boot_file = cockpit.manifests.system.config.secure_boot_file;
+ try {
+ const result = await cockpit.file(secure_boot_file, { binary: true }).read();
+ return `EFI (Secure Boot ${result[4] === 1 ? "enabled" : "disabled"})`;
+ } catch {
+ return "BIOS or Legacy";
+ }
+}
+
export default function detect() {
const info = { system: {}, pci: [], memory: [] };
const tasks = [];
@@ -154,6 +164,11 @@ export default function detect() {
return true;
}));
+ tasks.push(getBootType()
+ .then(result => {
+ info.system.boot_type = result;
+ }));
+
// Fallback if systemd < 248
if (info.memory.length === 0) {
tasks.push(machine_info.memory_info()
diff --git a/pkg/systemd/hwinfo.html b/pkg/systemd/hwinfo.html
index 65ea5daf9dfa..1edf6505aa0a 100644
--- a/pkg/systemd/hwinfo.html
+++ b/pkg/systemd/hwinfo.html
@@ -6,6 +6,7 @@
+
diff --git a/pkg/systemd/hwinfo.jsx b/pkg/systemd/hwinfo.jsx
index 53e9713904cc..f0dc022a7f37 100644
--- a/pkg/systemd/hwinfo.jsx
+++ b/pkg/systemd/hwinfo.jsx
@@ -111,6 +111,10 @@ class SystemInfo extends React.Component {
{ bios_date ? timeformat.date(bios_date) : info.bios_date }
}
+
+ { _("Boot type") }
+ { info.boot_type }
+
{ info.nproc !== undefined && <>
{ _("CPU") }
diff --git a/pkg/systemd/manifest.json b/pkg/systemd/manifest.json
index 4f8ad9068361..526f13462d45 100644
--- a/pkg/systemd/manifest.json
+++ b/pkg/systemd/manifest.json
@@ -84,5 +84,9 @@
"preload": [ "index", "services" ],
- "content-security-policy": "img-src 'self' data:"
+ "content-security-policy": "img-src 'self' data:",
+
+ "config": {
+ "secure_boot_file": "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"
+ }
}
diff --git a/test/verify/check-system-info b/test/verify/check-system-info
index 887d01a30064..7b4b31ee4674 100755
--- a/test/verify/check-system-info
+++ b/test/verify/check-system-info
@@ -514,6 +514,9 @@ class TestSystemInfo(packagelib.PackageCase):
parsed_bios_date = m.execute("date --date $(cat /sys/class/dmi/id/bios_date) '+%B %-d, %Y'").strip()
b.wait_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(3) dd', parsed_bios_date)
+ # Boot Type
+ b.wait_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(4) dd', "BIOS or Legacy")
+
pci_selector = '#hwinfo #pci-listing'
heading_selector = ' .pf-v5-c-card__title'
# PCI
@@ -610,7 +613,7 @@ model name\t: Professor NumberCrunch
b.reload()
b.enter_page('/system/hwinfo')
- b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(1) dd', "2x Professor NumberCrunch")
+ b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(2) dd', "2x Professor NumberCrunch")
# /proc/cpuinfo on PowerPC; complete info
m.write("/tmp/cpuinfo", """processor\t: 0
@@ -626,7 +629,7 @@ revision\t: 2.3 (pvr 004e 1203)
b.reload()
b.enter_page('/system/hwinfo')
- b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(1) dd', "2x POWER9 (architected), altivec supported")
+ b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(2) dd', "2x POWER9 (architected), altivec supported")
# correct CPU count on overview
b.go("/system")
@@ -661,7 +664,7 @@ machine : 8561
b.go('/system/hwinfo')
b.enter_page('/system/hwinfo')
- b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(1) dd', "2x IBM/S390")
+ b.wait_in_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(2) dd', "2x IBM/S390")
# umount mocked /sys/class/dmi/id
m.execute("umount /sys/class/dmi/id")
@@ -710,6 +713,26 @@ machine : 8561
b.wait_text('#memory-listing tr:nth-of-type(2) td[data-label=Rank]', "Single rank")
b.wait_in_text('#memory-listing tr:nth-of-type(2) td[data-label=Speed]', "2400 MT/s")
+ # Pretend UEFI and Secure Boot is enabled
+ m.execute("echo -en '\\x06\\x00\\x00\\x00\\x01' > /tmp/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")
+ self.write_file("/etc/cockpit/systemd.override.json",
+ '{ "config": { "secure_boot_file": "/tmp/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" } }')
+
+ b.reload()
+ b.go("/system/hwinfo")
+ b.enter_page('/system/hwinfo')
+
+ b.wait_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(4) dd', "EFI (Secure Boot enabled)")
+
+ # Pretend UEFI and Secure Boot is disabled
+ m.execute("echo -en '\\x06\\x00\\x00\\x00\\x00' > /tmp/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")
+
+ b.reload()
+ b.go("/system/hwinfo")
+ b.enter_page('/system/hwinfo')
+
+ b.wait_text('#hwinfo-system-info-list .hwinfo-system-info-list-item:nth-of-type(2) .pf-v5-c-description-list__group:nth-of-type(4) dd', "EFI (Secure Boot disabled)")
+
@ testlib.nondestructive
def testCPUSecurityMitigationsDetect(self):
b = self.browser