20_linux_xen: Do not load XSM policy in non-XSM options

For complicated reasons, even if you have XSM/FLASK disabled (as is
the default) the Xen build system still builds a policy file and puts
it in /boot.

Even so, we shouldn't be loading this in the usual non-"XSM enabled"
entries.  It doesn't do any particular harm but it is quite confusing.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Bug-Debian: https://bugs.debian.org/961673
Last-Update: 2020-05-29

Patch-Name: xen-no-xsm-policy-in-non-xsm-options.patch

Gbp-Pq: Name xen-no-xsm-policy-in-non-xsm-options.patch

diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in
index 5c93c995f1e0a853fd76e263057fe0a08908a492..e73e96f81d51d6b24adca4b77a8e219e875f25cf 100644 (file)
--- a/util/grub.d/20_linux_xen.in
+++ b/util/grub.d/20_linux_xen.in
@@ -168,7 +168,7 @@ EOF
 EOF
     done
   fi
-  if test -n "${xenpolicy}" ; then
+  if ${xsm} && test -n "${xenpolicy}" ; then
     message="$(gettext_printf "Loading XSM policy ...")"
     sed "s/^/$submenu_indentation/" << EOF
        echo    '$(echo "$message" | grub_quote)'