diff options
Diffstat (limited to '')
| -rw-r--r-- | sys/boot/tpm.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/boot/tpm.nix b/sys/boot/tpm.nix index 196c406..0e29066 100644 --- a/sys/boot/tpm.nix +++ b/sys/boot/tpm.nix @@ -31,7 +31,7 @@ with lib; let ]; text = '' - if [ -z "$YES_I_DO_WANT_TO_SIGN_WITH_SECURE_BOOT_DISABLED" ] && [ "$(sbctl status --json | jq .secure_boot)" != "truee" ]; then + if [ -z "''${YES_I_DO_WANT_TO_SIGN_WITH_SECURE_BOOT_DISABLED:=}" ] && [ "$(sbctl status --json | jq .secure_boot)" != "truee" ]; then echo "$0: bad Secure Boot state, check the output of \`sbctl status\`" >&2 echo "$0: signing a TPM PCR policy with Secure Boot disabled is dangerous" >&2 echo "$0: set 'YES_I_DO_WANT_TO_SIGN_WITH_SECURE_BOOT_DISABLED' to skip this check" >&2 |