mkosi: disable secure boot check as GHA cannot enable it due to hyperv bug

bluca · bluca · commit a0c6f5430e97 · 2025-03-05T14:52:08.000Z
(cherry picked from commit 87acfc7)
diff --git a/mkosi.presets/20-final/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh b/mkosi.presets/20-final/mkosi.extra/usr/lib/systemd/mkosi-check-and-shutdown.sh
@@ -7,13 +7,14 @@ systemctl reset-failed systemd-vconsole-setup.service
 systemctl --failed --no-legend | tee /failed-services
 
 # Check that secure boot keys were properly enrolled.
-if ! systemd-detect-virt --container; then
-    cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
-    cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
+# TODO: re-enable once secureboot can be enabled on nested kvm on hyperv without crashing qemu
+# if ! systemd-detect-virt --container; then
+    # cmp /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\1')
+    # cmp /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c <(printf '\6\0\0\0\0')
     # TODO: Figure out why this is failing
     # grep -q this_should_be_here /proc/cmdline
     # grep -q this_should_not_be_here /proc/cmdline && exit 1
-fi
+# fi
 
 # Exit with non-zero EC if the /failed-services file is not empty (we have -e set)
 [[ ! -s /failed-services ]]
