Add facts to note EFI status

simp · Sep 15, 2020 · 7e71bb7 · 7e71bb7
1 parent 77628f6
commit 7e71bb7
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -74,6 +74,7 @@ See [REFERENCE.md](./REFERENCE.md) for all other reference documentation.
                                 hash
   * **defaultgateway**       -  Return the default gateway of the system
   * **defaultgatewayiface**  -  Return the default gw interface of the system
+  * **efi_enabled**          -  Returns true if the system is using EFI
   * **fips_ciphers**         -  Returns a list of available OpenSSL ciphers
   * **fips_enabled**         -  Determine whether FIPS is enabled on this system
   * **fullrun**              -  Determine whether to do an intensive run
@@ -91,6 +92,7 @@ See [REFERENCE.md](./REFERENCE.md) for all other reference documentation.
   * **root_dir_uuid**        -  Return the UUID of the partition holding the
                                 `/` directory
   * **runlevel**             -  Return the current system runlevel
+  * **secure_boot_enabled**  -  Returns true if the host is using uEFI Secure Boot
   * **shmall**               -  Return the value of shmall from sysctl
   * **simplib__firewalls**   -  Return an array of known firewall commands that
                                 are present on the system.

diff --git a/lib/facter/efi.rb b/lib/facter/efi.rb
@@ -0,0 +1,11 @@
+# _Description_
+#
+# Return true if system booted via EFI
+#
+if Facter.value(:kernel).downcase == "linux" then
+  Facter.add("efi_enabled") do
+    setcode do
+      File.exist?('/sys/firmware/efi')
+    end
+  end
+end
diff --git a/lib/facter/secure_boot_enabled.rb b/lib/facter/secure_boot_enabled.rb
@@ -0,0 +1,25 @@
+# _Description_
+#
+# Return true if system booted via uEFI Secure Boot
+#
+if Facter.value(:kernel).downcase == "linux" then
+  Facter.add("secure_boot_enabled") do
+    setcode do
+      if File.exist?('/sys/firmware/efi')
+        Dir.glob('/sys/firmware/efi/efivars/SecureBoot-*').each do | file |
+          File.open(file, 'r') do | hexcode |
+            hexcode.read(4)
+            code = hexcode.read(16).unpack('H*').first.to_i
+            if code == 1
+              true
+            else
+              false
+            end
+          end
+        end
+      else
+        false
+      end
+    end
+  end
+end