From 53f49169b1a63b74e40e284a725e52cc8fdf666f Mon Sep 17 00:00:00 2001
From: Itxaka
Date: Wed, 10 Jan 2024 10:38:31 +0100
Subject: [PATCH] Fix uki mode detection (#198)

---
 internal/agent/hooks/kcrypt_uki.go | 10 ++++++++++
 internal/agent/install.go | 14 ++++++++++----
 pkg/utils/common.go | 2 +-
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/internal/agent/hooks/kcrypt_uki.go b/internal/agent/hooks/kcrypt_uki.go
index fec064b7..86e4b777 100644
--- a/internal/agent/hooks/kcrypt_uki.go
+++ b/internal/agent/hooks/kcrypt_uki.go
@@ -9,6 +9,7 @@ import (
 "github.com/kairos-io/kairos-sdk/machine"
 "github.com/kairos-io/kairos-sdk/utils"
 kcrypt "github.com/kairos-io/kcrypt/pkg/lib"
+ "os"
 "strconv"
 "strings"
 "time"
@@ -41,6 +42,15 @@ func (k KcryptUKI) Run(c config.Config, _ v1.Spec) error {
 return nil
 }
 
+ // Check for a TPM 2.0 device as its needed to encrypt
+ // Exposed by the kernel to userspace as /dev/tpmrm0 since kernel 4.12
+ // https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdc915f7f71939ad5a3dda3389b8d2d7a7c5ee66
+ _, err = os.Stat("/dev/tpmrm0")
+ if err != nil {
+ c.Logger.Warnf("Skipping partition encryption, could not find TPM 2.0 device at /dev/tpmrm0")
+ return nil
+ }
+
 // We always encrypt OEM and PERSISTENT under UKI
 // If mounted, unmount it
 _ = machine.Umount(constants.OEMDir) //nolint:errcheck
diff --git a/internal/agent/install.go b/internal/agent/install.go
index 585eab34..64499647 100644
--- a/internal/agent/install.go
+++ b/internal/agent/install.go
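Review bot: The TPM check added to Run fails open: any error from `os.Stat("/dev/tpmrm0")`, not only a missing device, makes the hook return nil, so the install carries on with OEM and PERSISTENT unencrypted by this hook and only a warning that drops the error. Separate the two cases, e.g. skip on `errors.Is(err, os.ErrNotExist)` and `return err` for anything else (this needs `errors` in the import block, which the first hunk shows only in part), and add the error to the log line. If running UKI without encryption is an accepted fallback, a comment saying so would help; otherwise returning an error here is the safer default. The UkiBootMode hunk in pkg/utils/common.go has the same any-error-means-absent pattern, where a Stat failure other than not-exist yields UkiRemovableMedia. Run begins above this hunk and continues past it.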
@@ -218,8 +218,13 @@ func RunInstall(c *config.Config) error {
 
 // UKI path. Check if we are on UKI AND if we are running off a cd, otherwise it makes no sense to run the install
 // From the installed system
- if internalutils.UkiBootMode() == internalutils.UkiRemovableMedia {
- return runInstallUki(c)
+ if internalutils.IsUki() {
+ c.Logger.Debugf("UKI mode: %s\n", internalutils.UkiBootMode())
+ if internalutils.UkiBootMode() == internalutils.UkiRemovableMedia {
+ return runInstallUki(c)
+ }
+ c.Logger.Warnf("UKI boot mode is not removable media, skipping install")
+ return nil
 } else { // Non-uki path
 return runInstall(c)
 }
@@ -289,8 +294,9 @@ func dumpCCStringToFile(c *config.Config) (string, error) {
 c.Logger.Error("Error creating temporary file for install config: %s\n", err.Error())
 return "", err
 }
- defer os.RemoveAll(f.Name())
-
+ defer func(f *os.File) {
+ _ = f.Close()
+ }(f)
 ccstring, err := c.String()
 if err != nil {
 return "", err
diff --git a/pkg/utils/common.go b/pkg/utils/common.go
index 154fc912..0502f23d 100644
--- a/pkg/utils/common.go
+++ b/pkg/utils/common.go
@@ -520,7 +520,7 @@ const (
 func UkiBootMode() state.Boot {
 if IsUki() {
 _, err := os.Stat("/run/cos/uki_boot_mode")
- if err != nil {
+ if err == nil {
 return UkiHDD
 }
 return UkiRemovableMedia
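Review bot: In RunInstall the new skip branch returns nil after the `Warnf("UKI boot mode is not removable media, skipping install")` line, so a caller or automation cannot tell a skipped install from a completed one. Returning an error there would make the skip visible, provided callers do not rely on the nil (they are not shown here). `internalutils.UkiBootMode()` is also evaluated twice, and per the common.go hunk each call stats a file, so read it once with `mode := internalutils.UkiBootMode()` and use `mode` in both the Debugf and the comparison. With every branch returning, the `else` can be dropped and `return runInstall(c)` placed at function level. RunInstall starts above the hunk.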
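Review bot: With `defer os.RemoveAll(f.Name())` gone, nothing in the visible part of dumpCCStringToFile removes the temporary file any more, including on the `return "", err` path after `c.String()` fails, where the caller receives no path to clean up. The file holds the install config, which can plausibly carry credentials, so add `_ = os.Remove(f.Name())` before the error returns that follow creation, and document on the function that the caller owns removal of the returned path (presumably the file name). The deferred close also discards the `f.Close()` error, which is where a failed write can surface; consider closing explicitly after the write and returning that error. The function starts above the hunk and continues below it, so the write itself is not visible.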