From af694ec0d0133573719b6848b6d9b6dfc1e3a18e Mon Sep 17 00:00:00 2001
From: Tim Crawford
Date: Mon, 8 Jul 2024 10:41:11 -0600
Subject: [PATCH] Revert "security: Only show prompt when unlocking"

This reverts commit 771911adf978c52133ce1a344020819228a35a70.

The EC will already be set to unlocked at this point, so the prompt must be run even when in the "Unlock" state. This is fine, as the prompt is for physical present detection.

Signed-off-by: Tim Crawford
---
 src/security.rs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/security.rs b/src/security.rs
index eae60e5..1fbdc04 100644
--- a/src/security.rs
+++ b/src/security.rs
@@ -272,13 +272,18 @@ extern "efiapi" fn run() -> bool {
 }
 };
 
- debugln!("security state: {:?}", security_state);
+ // The EC will already be set to unlocked at this point, so the prompt
+ // must be run even when in the "Unlock" state. This is fine, as the
+ // prompt is for physical present detection.
 
- // Only show prompt when unlocking
- if security_state != SecurityState::PrepareUnlock {
+ debugln!("security state: {:?}", security_state);
+ if security_state == SecurityState::Lock {
+ // Already locked, so do not confirm
 return false;
 }
 
+ // Not locked, require confirmation
+
 let res = match Output::one() {
 Ok(output) => {
 let mut display = Display::new(output);
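Review bot: The new comment above `if security_state == SecurityState::Lock` says the EC is already unlocked when the prompt runs, but nothing near the check records what must happen when confirmation is declined or the display cannot be opened. Because the prompt is the physical-presence gate, I would state the expected outcome beside it, for example `// Every state except Lock goes through the presence prompt; if it is declined or cannot be shown, the EC must be locked again.`, assuming that is the intended behaviour. The handling after `Output::one()` is outside this hunk, so please confirm it actually does that. Matching on `security_state` with every variant named, instead of the single `== SecurityState::Lock` comparison, would also make a newly added state a compile-time decision rather than an implicit fall-through to the prompt. Minor: "physical present detection" in the added comment presumably should read "physical presence detection".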