From 0d2d9446b6dbc70ceedf7d70290641f22a253407 Mon Sep 17 00:00:00 2001
From: kellyyeh <kellyyeh@microsoft.com>
Date: Sat, 4 Mar 2023 00:56:00 +0000
Subject: [PATCH 1/2] Fix non-zero status exit on non secure boot

---
 scripts/fast-reboot | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/scripts/fast-reboot b/scripts/fast-reboot
index 5e7cc34bc9..9ef65508d4 100755
--- a/scripts/fast-reboot
+++ b/scripts/fast-reboot
@@ -614,11 +614,18 @@ if is_secureboot && grep -q aboot_machine= /host/machine.conf; then
     load_aboot_secureboot_kernel
 else
     # check if secure boot is enable in UEFI 
-    SECURE_UPGRADE_ENABLED=$(bootctl status 2>/dev/null | grep -c "Secure Boot: enabled")
-    if [ ${SECURE_UPGRADE_ENABLED} -eq 1 ]; then
-        load_kernel_secure
+    CHECK_SECURE_UPGRADE_ENABLED=0
+    SECURE_UPGRADE_ENABLED=$(bootctl status 2>/dev/null | grep -c "Secure Boot: enabled" || true) || CHECK_SECURE_UPGRADE_ENABLED=$?
+    if [[ CHECK_SECURE_UPGRADE_ENABLED -ne 0 ]]; then
+        error "CHECK_SECURE_UPGRADE_ENABLED failed"
     else
-        load_kernel
+        if [[ ${SECURE_UPGRADE_ENABLED} -eq 1 ]]; then
+            debug "Loading kernel with secure boot"
+            load_kernel_secure
+        else
+            debug "Loading kernel without secure boot"
+            load_kernel
+        fi
     fi
 fi
 

From 68525ab475f5818ffecfa66c660ec67fad9a3e80 Mon Sep 17 00:00:00 2001
From: kellyyeh <kellyyeh@microsoft.com>
Date: Mon, 6 Mar 2023 23:09:51 +0000
Subject: [PATCH 2/2] Address PR comment

---
 scripts/fast-reboot | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/scripts/fast-reboot b/scripts/fast-reboot
index 9ef65508d4..e3188e9027 100755
--- a/scripts/fast-reboot
+++ b/scripts/fast-reboot
@@ -615,17 +615,13 @@ if is_secureboot && grep -q aboot_machine= /host/machine.conf; then
 else
     # check if secure boot is enable in UEFI 
     CHECK_SECURE_UPGRADE_ENABLED=0
-    SECURE_UPGRADE_ENABLED=$(bootctl status 2>/dev/null | grep -c "Secure Boot: enabled" || true) || CHECK_SECURE_UPGRADE_ENABLED=$?
+    SECURE_UPGRADE_ENABLED=$(bootctl status 2>/dev/null | grep -c "Secure Boot: enabled") || CHECK_SECURE_UPGRADE_ENABLED=$?
     if [[ CHECK_SECURE_UPGRADE_ENABLED -ne 0 ]]; then
-        error "CHECK_SECURE_UPGRADE_ENABLED failed"
+        debug "Loading kernel without secure boot"
+        load_kernel
     else
-        if [[ ${SECURE_UPGRADE_ENABLED} -eq 1 ]]; then
-            debug "Loading kernel with secure boot"
-            load_kernel_secure
-        else
-            debug "Loading kernel without secure boot"
-            load_kernel
-        fi
+        debug "Loading kernel with secure boot"
+        load_kernel_secure
     fi
 fi