From 9b582e12a6c3842c8fa688b66549b643cbc333a8 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Tue, 19 May 2026 11:01:00 +0200
Subject: [PATCH] Only do "booted BIOS with no update" check during actual
 update

This fixes https://github.com/coreos/bootupd/issues/1035 which
introduced this check, but did so in every query_update(). However,
that is called from non-update places too. In particular from
install(), which causes bootc-image-builder to break if used on
non-EFI systems.

Instead we break out the check to a separate component function
query_requires_update() which is only called in the
update-with-missing-component case.
---
 src/bios.rs      | 9 ++++++---
 src/bootupd.rs   | 5 ++++-
 src/component.rs | 5 +++++
 src/efi.rs       | 9 ++++++---
 4 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/bios.rs b/src/bios.rs
index f341f994..ce7fc540 100644
--- a/src/bios.rs
+++ b/src/bios.rs
@@ -244,12 +244,15 @@ impl Component for Bios {
     }
 
     fn query_update(&self, sysroot: &openat::Dir) -> Result<Option<ContentMetadata>> {
-        let content_metadata = get_component_update(sysroot, self)?;
+        get_component_update(sysroot, self)
+    }
+
+    fn query_requires_update(&self, sysroot: &openat::Dir) -> Result<()> {
         // Failed as expected if booted with BIOS and no update metadata
-        if content_metadata.is_none() && !sysroot.exists("sys/firmware/efi")? {
+        if !sysroot.exists("sys/firmware/efi")? {
             anyhow::bail!("Failed to find BIOS update metadata");
         }
-        Ok(content_metadata)
+        Ok(())
     }
 
     fn run_update(&self, rootcxt: &RootContext, _: &InstalledContent) -> Result<InstalledContent> {
diff --git a/src/bootupd.rs b/src/bootupd.rs
index e01ce923..99558be9 100644
--- a/src/bootupd.rs
+++ b/src/bootupd.rs
@@ -323,7 +323,10 @@ pub(crate) fn update(name: &str, rootcxt: &RootContext) -> Result<ComponentUpdat
             std::cmp::Ordering::Less => p, // current < available -> upgrade
             _ => return Ok(ComponentUpdateResult::AtLatestVersion),
         },
-        None => return Ok(ComponentUpdateResult::AtLatestVersion),
+        None => {
+            component.query_requires_update(sysroot)?;
+            return Ok(ComponentUpdateResult::AtLatestVersion);
+        }
     };
 
     ensure_writable_boot()?;
diff --git a/src/component.rs b/src/component.rs
index dabcea97..6e148b03 100644
--- a/src/component.rs
+++ b/src/component.rs
@@ -73,6 +73,11 @@ pub(crate) trait Component {
     /// Used on the client to query for an update cached in the current booted OS.
     fn query_update(&self, sysroot: &openat::Dir) -> Result<Option<ContentMetadata>>;
 
+    /// This is called in the update code if query_update() returned no metadata.
+    /// It should return an error if the current booted system should expect some
+    /// metadata for this component.
+    fn query_requires_update(&self, sysroot: &openat::Dir) -> Result<()>;
+
     /// Used on the client to run an update.
     fn run_update(
         &self,
diff --git a/src/efi.rs b/src/efi.rs
index d56e086f..37b4cdb4 100644
--- a/src/efi.rs
+++ b/src/efi.rs
@@ -613,12 +613,15 @@ impl Component for Efi {
     }
 
     fn query_update(&self, sysroot: &openat::Dir) -> Result<Option<ContentMetadata>> {
-        let content_metadata = get_component_update(sysroot, self)?;
+        get_component_update(sysroot, self)
+    }
+
+    fn query_requires_update(&self, _sysroot: &openat::Dir) -> Result<()> {
         // Failed as expected if booted with EFI and no update metadata
-        if content_metadata.is_none() && is_efi_booted()? {
+        if is_efi_booted()? {
             anyhow::bail!("Failed to find EFI update metadata");
         }
-        Ok(content_metadata)
+        Ok(())
     }
 
     fn validate(&self, current: &InstalledContent, device: &Device) -> Result<ValidationResult> {