From 240f18e5bd5a64a7f8706cbec23b1a1593c04d71 Mon Sep 17 00:00:00 2001
From: abalfoort <arjenbalfoort@hotmail.com>
Date: Fri, 23 Jun 2023 15:56:02 +0200
Subject: [PATCH] Show/hide "Boot partition not encrypted" warning

---
 src/modules/partition/Config.cpp            |  1 +
 src/modules/partition/Config.h              |  6 +++
 src/modules/partition/PartitionViewStep.cpp | 43 ++++++++++++---------
 src/modules/partition/partition.conf        |  9 +++++
 src/modules/partition/partition.schema.yaml |  1 +
 5 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/src/modules/partition/Config.cpp b/src/modules/partition/Config.cpp
index 4519bd278..ca1e89f7c 100644
--- a/src/modules/partition/Config.cpp
+++ b/src/modules/partition/Config.cpp
@@ -412,6 +412,7 @@ Config::setConfigurationMap( const QVariantMap& configurationMap )
     m_allowZfsEncryption = CalamaresUtils::getBool( configurationMap, "allowZfsEncryption", true );
 
     m_allowManualPartitioning = CalamaresUtils::getBool( configurationMap, "allowManualPartitioning", true );
+    m_showNotEncryptedBootMessage = CalamaresUtils::getBool( configurationMap, "showNotEncryptedBootMessage", true );
     m_requiredPartitionTableType = CalamaresUtils::getStringList( configurationMap, "requiredPartitionTableType" );
 
     Calamares::GlobalStorage* gs = Calamares::JobQueue::instance()->globalStorage();
diff --git a/src/modules/partition/Config.h b/src/modules/partition/Config.h
index 0146d1a3e..d8d68c6d2 100644
--- a/src/modules/partition/Config.h
+++ b/src/modules/partition/Config.h
@@ -36,6 +36,8 @@ class Config : public QObject
 
     Q_PROPERTY( bool allowManualPartitioning READ allowManualPartitioning CONSTANT FINAL )
 
+    Q_PROPERTY( bool showNotEncryptedBootMessage READ showNotEncryptedBootMessage CONSTANT FINAL )
+
 public:
     Config( QObject* parent );
     ~Config() override = default;
@@ -146,6 +148,9 @@ public:
     /// @brief Is manual partitioning allowed (not explicitly disabled in the config file)?
     bool allowManualPartitioning() const { return m_allowManualPartitioning; }
 
+    /// @brief Show "Boot partition not encrypted" warning (not explicitly disabled in the config file)?
+    bool showNotEncryptedBootMessage() const { return m_showNotEncryptedBootMessage; }
+
     /** @brief Will @p tableType be ok?
      *
      * If no required types are specified, it's ok, otherwise the
@@ -194,6 +199,7 @@ private:
     QStringList m_requiredPartitionTableType;
     bool m_allowZfsEncryption = true;
     bool m_allowManualPartitioning = true;
+    bool m_showNotEncryptedBootMessage = true;
 };
 
 /** @brief Given a set of swap choices, return a sensible value from it.
diff --git a/src/modules/partition/PartitionViewStep.cpp b/src/modules/partition/PartitionViewStep.cpp
index a95ed0a9a..f4ae5a5ca 100644
--- a/src/modules/partition/PartitionViewStep.cpp
+++ b/src/modules/partition/PartitionViewStep.cpp
@@ -615,27 +615,32 @@ PartitionViewStep::onLeave()
 
             // If the root partition is encrypted, and there's a separate boot
             // partition which is not encrypted
-            if ( ( root_p->fileSystem().type() == FileSystem::Luks && boot_p->fileSystem().type() != FileSystem::Luks )
-                 || ( root_p->fileSystem().type() == FileSystem::Luks2
-                      && boot_p->fileSystem().type() != FileSystem::Luks2 ) )
+            if ( m_config->showNotEncryptedBootMessage() )
             {
-                message = tr( "Boot partition not encrypted" );
-                description = tr( "A separate boot partition was set up together with "
-                                  "an encrypted root partition, but the boot partition "
-                                  "is not encrypted."
-                                  "<br/><br/>"
-                                  "There are security concerns with this kind of "
-                                  "setup, because important system files are kept "
-                                  "on an unencrypted partition.<br/>"
-                                  "You may continue if you wish, but filesystem "
-                                  "unlocking will happen later during system startup."
-                                  "<br/>To encrypt the boot partition, go back and "
-                                  "recreate it, selecting <strong>Encrypt</strong> "
-                                  "in the partition creation window." );
+                if ( ( root_p->fileSystem().type() == FileSystem::Luks
+                       && boot_p->fileSystem().type() != FileSystem::Luks )
+                     || ( root_p->fileSystem().type() == FileSystem::Luks2
+                          && boot_p->fileSystem().type() != FileSystem::Luks2 ) )
+                {
+                    message = tr( "Boot partition not encrypted" );
+                    description = tr( "A separate boot partition was set up together with "
+                                      "an encrypted root partition, but the boot partition "
+                                      "is not encrypted."
+                                      "<br/><br/>"
+                                      "There are security concerns with this kind of "
+                                      "setup, because important system files are kept "
+                                      "on an unencrypted partition.<br/>"
+                                      "You may continue if you wish, but filesystem "
+                                      "unlocking will happen later during system startup."
+                                      "<br/>To encrypt the boot partition, go back and "
+                                      "recreate it, selecting <strong>Encrypt</strong> "
+                                      "in the partition creation window." );
 
-                QMessageBox mb( QMessageBox::Warning, message, description, QMessageBox::Ok, m_manualPartitionPage );
-                Calamares::fixButtonLabels( &mb );
-                mb.exec();
+                    QMessageBox mb(
+                        QMessageBox::Warning, message, description, QMessageBox::Ok, m_manualPartitionPage );
+                    Calamares::fixButtonLabels( &mb );
+                    mb.exec();
+                }
             }
         }
     }
diff --git a/src/modules/partition/partition.conf b/src/modules/partition/partition.conf
index ecd183ca1..70cc54ea9 100644
--- a/src/modules/partition/partition.conf
+++ b/src/modules/partition/partition.conf
@@ -104,6 +104,15 @@ alwaysShowPartitionLabels: true
 # If nothing is specified, manual partitioning is enabled.
 #allowManualPartitioning:   true
 
+# Show not encrypted boot partition warning.
+#
+# When set to false, this option does not show the
+# "Boot partition not encrypted" warning when encrypting the
+# root partition but not /boot partition.
+#
+# If nothing is specified, the warning is shown.
+#showNotEncryptedBootMessage:   true
+
 # Initial selection on the Choice page
 #
 # There are four radio buttons (in principle: erase, replace, alongside, manual),
diff --git a/src/modules/partition/partition.schema.yaml b/src/modules/partition/partition.schema.yaml
index dafdc5851..2d8a05d01 100644
--- a/src/modules/partition/partition.schema.yaml
+++ b/src/modules/partition/partition.schema.yaml
@@ -26,6 +26,7 @@ properties:
     enableLuksAutomatedPartitioning: { type: boolean, default: false }
 
     allowManualPartitioning: { type: boolean, default: true }
+    showNotEncryptedBootMessage: { type: boolean, default: true }
     partitionLayout: { type: array }  # TODO: specify items
     initialPartitioningChoice: { type: string, enum: [ none, erase, replace, alongside, manual ] }
     initialSwapChoice: { type: string, enum: [ none, small, suspend, reuse, file ] }