20_linux_xen: Do not load XSM policy in non-XSM options

For complicated reasons, even if you have XSM/FLASK disabled (as is
the default) the Xen build system still builds a policy file and puts
it in /boot.

Even so, we shouldn't be loading this in the usual non-"XSM enabled"
entries.  It doesn't do any particular harm but it is quite confusing.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Bug-Debian: https://bugs.debian.org/961673
Last-Update: 2020-05-29

Patch-Name: xen-no-xsm-policy-in-non-xsm-options.patch

Gbp-Pq: Name xen-no-xsm-policy-in-non-xsm-options.patch

diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
index fff658776cc62ab51cd99195fbcb8deb6bdb633c..a0c2d71f044255ff7af150a5e104ae124db75cca 100644 (file)
--- a/util/grub.d/20_linux_xen.in
+++ b/util/grub.d/20_linux_xen.in
@@ -173,7 +173,7 @@ EOF
 EOF
     done
   fi
-  if test -n "${xenpolicy}" ; then
+  if ${xsm} && test -n "${xenpolicy}" ; then
     message="$(gettext_printf "Loading XSM policy ...")"
     sed "s/^/$submenu_indentation/" << EOF
        echo    '$(echo "$message" | grub_quote)'