Skip to main content

nv_redfish/computer_system/
secure_boot.rs

1// SPDX-FileCopyrightText: Copyright (c) 2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
2// SPDX-License-Identifier: Apache-2.0
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15//! Secure boot.
16
17use crate::schema::redfish::secure_boot::SecureBoot as SecureBootSchema;
18use crate::Error;
19use crate::NvBmc;
20use nv_redfish_core::Bmc;
21use nv_redfish_core::NavProperty;
22use std::convert::identity;
23use std::marker::PhantomData;
24use std::sync::Arc;
25use tagged_types::TaggedType;
26
27#[doc(inline)]
28pub use crate::schema::redfish::secure_boot::SecureBootCurrentBootType;
29
30/// An indication of whether state of secure boot enable
31pub type SecureBootEnable = TaggedType<bool, SecureBootEnableTag>;
32#[doc(hidden)]
33#[derive(tagged_types::Tag)]
34#[implement(Clone, Copy, Hash, PartialEq, Eq, PartialOrd, Ord)]
35#[transparent(Debug, Display, Serialize, Deserialize)]
36#[capability(inner_access)]
37pub enum SecureBootEnableTag {}
38
39/// Secure boot.
40///
41/// Provides functions to access Secure Boot functions.
42pub struct SecureBoot<B: Bmc> {
43    data: Arc<SecureBootSchema>,
44    _marker: PhantomData<B>,
45}
46
47impl<B: Bmc> SecureBoot<B> {
48    /// Create a new secure boot handle.
49    pub(crate) async fn new(
50        bmc: &NvBmc<B>,
51        nav: &NavProperty<SecureBootSchema>,
52    ) -> Result<Self, Error<B>> {
53        nav.get(bmc.as_ref())
54            .await
55            .map_err(crate::Error::Bmc)
56            .map(|data| Self {
57                data,
58                _marker: PhantomData,
59            })
60    }
61
62    /// Get the raw schema data for the Secure boot.
63    #[must_use]
64    pub fn raw(&self) -> Arc<SecureBootSchema> {
65        self.data.clone()
66    }
67
68    /// Get an indication of whether UEFI Secure Boot is enabled.
69    #[must_use]
70    pub fn secure_boot_enable(&self) -> Option<SecureBootEnable> {
71        self.data
72            .secure_boot_enable
73            .and_then(identity)
74            .map(SecureBootEnable::new)
75    }
76
77    /// The UEFI Secure Boot state during the current boot cycle.
78    #[must_use]
79    pub fn secure_boot_current_boot(&self) -> Option<SecureBootCurrentBootType> {
80        self.data.secure_boot_current_boot.and_then(identity)
81    }
82}