From ad5b06da59c11d6def03322992d4e393f8c8972c Mon Sep 17 00:00:00 2001
From: Kroese <kroese@users.noreply.github.com>
Date: Fri, 19 Apr 2024 18:23:28 +0200
Subject: [PATCH] fix: Fall back to secure boot on older installations

---
 src/install.sh | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/install.sh b/src/install.sh
index c0cc3a5..ca80334 100644
--- a/src/install.sh
+++ b/src/install.sh
@@ -250,8 +250,9 @@ finishInstall() {
     rm -f "$STORAGE/windows.old"
   fi
 
+  # Fall back to secure boot when ISO has not been modified 
   if [[ "$MANUAL" == [Yy1]* ]] || [[ "$aborted" == [Yy1]* ]]; then
-    [[ "${DETECTED,,}" == "win11"* ]] && TPM="Y"
+    [[ "${DETECTED,,}" == "win11"* ]] && BOOT_MODE="windows_secure"
   fi
 
   rm -rf "$TMP"
@@ -1084,9 +1085,7 @@ buildImage() {
   return 0
 }
 
-######################################
-
-if ! startInstall; then
+bootWindows() {
 
   if [ -f "$STORAGE/windows.old" ]; then
     MACHINE=$(<"$STORAGE/windows.old")
@@ -1094,7 +1093,32 @@ if ! startInstall; then
     BOOT_MODE="windows_legacy"
   fi
 
+  local creation="1.10"
+  local minimal="2.14"
+
+  if [ -s "$STORAGE/windows.ver" ]; then
+    creation=$(<"$STORAGE/windows.ver")
+  fi
+
+  # Fall back to secure boot on installations created prior to v2.14
+  if (( $(echo "$creation < $minimal" | bc -l) )); then
+    if [[ "${BOOT_MODE,,}" == "windows" ]] || [[ "${BOOT_MODE,,}" == "windows_plain" ]]; then
+      BOOT_MODE="windows_secure"
+    fi
+  fi
+
   rm -rf "$TMP"
+
+  return 0
+}
+
+######################################
+
+if ! startInstall; then
+  if ! bootWindows; then
+    error "Failed to boot Windows!"
+    exit 68
+  fi
   return 0
 fi