Revert "security: Only show prompt when unlocking"

This reverts commit 771911a. The EC will already be set to unlocked at this point, so the prompt must be run even when in the "Unlock" state. This is fine, as the prompt is for physical presence detection. Signed-off-by: Tim Crawford <[email protected]>
system76 · Jul 8, 2024 · 769cb38 · 769cb38
1 parent 1dc803d
commit 769cb38
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/src/security.rs b/src/security.rs
@@ -272,13 +272,18 @@ extern "efiapi" fn run() -> bool {
         }
     };
 
-    debugln!("security state: {:?}", security_state);
+    // The EC will already be set to unlocked at this point, so the prompt
+    // must be run even when in the "Unlock" state. This is fine, as the
+    // prompt is for physical presence detection.
 
-    // Only show prompt when unlocking
-    if security_state != SecurityState::PrepareUnlock {
+    debugln!("security state: {:?}", security_state); 
+    if security_state == SecurityState::Lock {
+        // Already locked, so do not confirm
         return false;
     }
 
+    // Not locked, require confirmation
+
     let res = match Output::one() {
         Ok(output) => {
             let mut display = Display::new(output);