2025-09-21 12:54:44 +02:00
4 changed files with 32 additions and 19 deletions
--- a/.mkosi/mkosi.fedora
+++ b/.mkosi/mkosi.fedora
@ -5,7 +5,7 @@

 [Distribution]
 Distribution=fedora
-Release=31
+Release=30

 [Output]
 Format=raw_btrfs
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@ -515,6 +515,7 @@ static BOOLEAN menu_run(
        BOOLEAN exit = FALSE;
        BOOLEAN run = TRUE;
        BOOLEAN wait = FALSE;
+        BOOLEAN cleared_screen = FALSE;

        graphics_mode(FALSE);
        uefi_call_wrapper(ST->ConIn->Reset, 2, ST->ConIn, FALSE);
@ -526,13 +527,16 @@ static BOOLEAN menu_run(

        if (config->console_mode_change != CONSOLE_MODE_KEEP) {
                err = console_set_mode(&config->console_mode, config->console_mode_change);
-                if (EFI_ERROR(err)) {
-                        uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut);
-                        Print(L"Error switching console mode to %ld: %r.\r", (UINT64)config->console_mode, err);
+                if (!EFI_ERROR(err))
+                        cleared_screen = TRUE;
        }
-        } else
+
+        if (!cleared_screen)
                uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut);

+        if (config->console_mode_change != CONSOLE_MODE_KEEP && EFI_ERROR(err))
+                Print(L"Error switching console mode to %ld: %r.\r", (UINT64)config->console_mode, err);
+
        err = uefi_call_wrapper(ST->ConOut->QueryMode, 4, ST->ConOut, ST->ConOut->Mode->Mode, &x_max, &y_max);
        if (EFI_ERROR(err)) {
                x_max = 80;
--- a/src/boot/efi/meson.build
+++ b/src/boot/efi/meson.build
@ -113,6 +113,7 @@ if have_gnu_efi
                        '-Wextra',
                        '-std=gnu90',
                        '-nostdinc',
+                        '-ggdb', '-O0',
                        '-fpic',
                        '-fshort-wchar',
                        '-ffreestanding',
@ -137,13 +138,6 @@ if have_gnu_efi
        if get_option('werror') == true
                compile_args += ['-Werror']
        endif
-        if get_option('buildtype') == 'debug'
-                compile_args += ['-ggdb', '-O0']
-        elif get_option('buildtype') == 'debugoptimized'
-                compile_args += ['-ggdb', '-Og']
-        else
-                compile_args += ['-O2']
-        endif

        efi_ldflags = ['-T',
                       join_paths(efi_ldsdir, arch_lds),
--- a/src/boot/efi/random-seed.c
+++ b/src/boot/efi/random-seed.c
@ -23,10 +23,14 @@ static EFI_STATUS acquire_rng(UINTN size, VOID **ret) {
        /* Try to acquire the specified number of bytes from the UEFI RNG */

        err = LibLocateProtocol((EFI_GUID*) &rng_protocol_guid, (VOID**) &rng);
-        if (EFI_ERROR(err))
+        if (EFI_ERROR(err)) {
+                Print(L"Failed to acquire RNG protocol: %r\n", err);
                return err;
-        if (!rng)
+        }
+        if (!rng) {
+                /* Print(L"RNG protocol not available.\n"); */
                return EFI_UNSUPPORTED;
+        }

        data = AllocatePool(size);
        if (!data)
@ -229,25 +233,36 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) {

        validate_sha256();

-        if (mode == RANDOM_SEED_OFF)
+        if (mode == RANDOM_SEED_OFF) {
+                /* Print(L"Random seed handling turned off.\n"); */
                return EFI_NOT_FOUND;
+        }

        /* Let's better be safe than sorry, and for now disable this logic in SecureBoot mode, so that we
         * don't credit a random seed that is not authenticated. */
-        if (secure_boot_enabled())
+        if (secure_boot_enabled()) {
+                /* Print(L"Not loading random seed, because we are in SecureBoot mode.\n"); */
                return EFI_NOT_FOUND;
+        }

        /* Get some system specific seed that the installer might have placed in an EFI variable. We include
         * it in our hash. This is protection against golden master image sloppiness, and it remains on the
         * system, even when disk images are duplicated or swapped out. */
        err = acquire_system_token(&system_token, &system_token_size);
-        if (mode != RANDOM_SEED_ALWAYS && EFI_ERROR(err))
-                return err;
+        if (mode != RANDOM_SEED_ALWAYS) {
+                /* if (err == EFI_NOT_FOUND) */
+                /*         Print(L"Not loading random seed, because no system token is set.\n"); */
+                if (EFI_ERROR(err))
+                        return err; /* in all other error cases we already logged */
+        }

        err = uefi_call_wrapper(root_dir->Open, 5, root_dir, &handle, L"\\loader\\random-seed", EFI_FILE_MODE_READ|EFI_FILE_MODE_WRITE, 0ULL);
        if (EFI_ERROR(err)) {
                if (err != EFI_NOT_FOUND)
                        Print(L"Failed to open random seed file: %r\n", err);
+                /* else */
+                /*         Print(L"Not loading random seed, because there is none.\n"); */
+
                return err;
        }