From 07c4fe9ba4511f06bdd302cf37b3059ea86df8c6 Mon Sep 17 00:00:00 2001
From: Christian Breunig <christian@breunig.cc>
Date: Mon, 26 Aug 2024 20:26:18 +0200
Subject: T861: op-mode: add "install mok" CLI command

Deploy VyOS Secure Boot CA MOK (Machine Owner Key) into UEFI variables of
the running machine.
---
 op-mode-definitions/install-mok.xml.in | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 op-mode-definitions/install-mok.xml.in

(limited to 'op-mode-definitions')

diff --git a/op-mode-definitions/install-mok.xml.in b/op-mode-definitions/install-mok.xml.in
new file mode 100644
index 000000000..18526a354
--- /dev/null
+++ b/op-mode-definitions/install-mok.xml.in
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<interfaceDefinition>
+  <node name="install">
+    <children>
+      <leafNode name="mok">
+        <properties>
+          <help>Install Secure Boot MOK (Machine Owner Key)</help>
+        </properties>
+        <command>if test -f /var/lib/shim-signed/mok/MOK.der; then sudo mokutil --ignore-keyring --import /var/lib/shim-signed/mok/MOK.der; else echo "Secure Boot Machine Owner Key not found"; fi</command>
+      </leafNode>
+    </children>
+  </node>
+</interfaceDefinition>
-- 
cgit v1.2.3