T861: op-mode: add "show secure-boot [keys]" CLI command

Support getting current system secure boot state. In addition add optional suppor tto list all enrolled MOK (Machine Owner Keys) in the UEFI variable store.
author: Christian Breunig <christian@breunig.cc> 2024-08-26 20:24:54 +0200
committer: Christian Breunig <christian@breunig.cc> 2024-09-16 17:28:50 +0200
commit: 9dfcea3c874d81b03244f40a346694b62637dc5a (patch)
tree: 7319a5820506ad8fec926f7bdf00177059eee480 /op-mode-definitions
parent: b78cc96cc4c4d506b7e959ec6ec9c3e7fc09fc33 (diff)
download: vyos-1x-9dfcea3c874d81b03244f40a346694b62637dc5a.tar.gz
vyos-1x-9dfcea3c874d81b03244f40a346694b62637dc5a.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/op-mode-definitions/show-secure-boot.xml.in b/op-mode-definitions/show-secure-boot.xml.in
new file mode 100644
index 000000000..ff731bac9
--- /dev/null
+++ b/op-mode-definitions/show-secure-boot.xml.in
@@ -0,0 +1,21 @@
+<?xml version="1.0"?>
+<interfaceDefinition>
+  <node name="show">
+    <children>
+      <node name="secure-boot">
+        <properties>
+          <help>Show Secure Boot state</help>
+        </properties>
+        <command>${vyos_op_scripts_dir}/secure_boot.py show</command>
+        <children>
+          <leafNode name="keys">
+            <properties>
+              <help>Show enrolled certificates</help>
+            </properties>
+            <command>mokutil --list-enrolled</command>
+          </leafNode>
+        </children>
+      </node>
+    </children>
+  </node>
+</interfaceDefinition>
author	Christian Breunig <christian@breunig.cc>	2024-08-26 20:24:54 +0200
committer	Christian Breunig <christian@breunig.cc>	2024-09-16 17:28:50 +0200
commit	9dfcea3c874d81b03244f40a346694b62637dc5a (patch)
tree	7319a5820506ad8fec926f7bdf00177059eee480 /op-mode-definitions
parent	b78cc96cc4c4d506b7e959ec6ec9c3e7fc09fc33 (diff)
download	vyos-1x-9dfcea3c874d81b03244f40a346694b62637dc5a.tar.gz vyos-1x-9dfcea3c874d81b03244f40a346694b62637dc5a.zip