From 7f53e970fc59460f963ff6fef65a6b6445694f6e Mon Sep 17 00:00:00 2001
From: Adriaan de Groot <groot@kde.org>
Date: Tue, 20 Feb 2018 04:22:35 -0500
Subject: [PATCH] [bootloader] Add secure-boot efiBootLoader

 - add configuration option
 - check for sensible combinations of firmware, bootloader,
   and complain if it isn't.
---
 src/modules/bootloader/bootloader.conf |  5 ++++-
 src/modules/bootloader/main.py         | 14 +++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/modules/bootloader/bootloader.conf b/src/modules/bootloader/bootloader.conf
index 62c240feb..579e53929 100644
--- a/src/modules/bootloader/bootloader.conf
+++ b/src/modules/bootloader/bootloader.conf
@@ -1,6 +1,9 @@
+# Bootloader configuration. The bootloader is installed to allow
+# the system to start (and pick one of the installed operating
+# systems to run).
 ---
 # Define which bootloader you want to use for EFI installations
-# Possible options are 'grub' and 'systemd-boot'.
+# Possible options are 'grub', 'sb-shim' and 'systemd-boot'.
 efiBootLoader: "grub"
 
 # systemd-boot configuration files settings, set kernel and initramfs file names
diff --git a/src/modules/bootloader/main.py b/src/modules/bootloader/main.py
index db062da52..890a98b2f 100644
--- a/src/modules/bootloader/main.py
+++ b/src/modules/bootloader/main.py
@@ -299,6 +299,12 @@ def install_grub(efi_directory, fw_type):
                            "-o", libcalamares.job.configuration["grubCfg"]])
 
 
+def install_secureboot(efi_directory):
+    """
+    Installs the secureboot shim in the system by calling efibootmgr.
+    """
+    raise NotImplementedError
+
 def vfat_correct_case(parent, name):
     for candidate in os.listdir(parent):
         if name.lower() == candidate.lower():
@@ -320,8 +326,14 @@ def prepare_bootloader(fw_type):
 
     if efi_boot_loader == "systemd-boot" and fw_type == "efi":
         install_systemd_boot(efi_directory)
-    else:
+    elif efi_boot_loader == "sb-shim" and fw_type == "efi":
+        install_secureboot(efi_directory)
+    elif efi_boot_loader == "grub" or fw_type != "efi":
         install_grub(efi_directory, fw_type)
+    else:
+        libcalamares.utils.debug( "WARNING: the combination of "
+            "boot-loader '{!s}' and firmware '{!s}' "
+            "is not supported.".format(efi_boot_loader, fw_type) )
 
 
 def run():