diff options
author | Jan Janssen <medhefgo@web.de> | 2019-09-15 16:12:03 +0200 |
---|---|---|
committer | Jan Janssen <medhefgo@web.de> | 2019-10-30 17:47:50 +0100 |
commit | 391719682bf68134b01cf422eb92e3ec4686fa7b (patch) | |
tree | f19c4a31f224b4d486b9b8d9e693c674b5006a93 | |
parent | 9ea4d81c12e8a3f7ee081f9eac7e77256f43b7b0 (diff) | |
download | systemd-391719682bf68134b01cf422eb92e3ec4686fa7b.tar.gz |
sd-boot: Don't loudly complain if RNG protocol isn't available
Fixes #13503
-rw-r--r-- | src/boot/efi/random-seed.c | 27 |
1 files changed, 6 insertions, 21 deletions
diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c index 4141ee01b2..cc747993b8 100644 --- a/src/boot/efi/random-seed.c +++ b/src/boot/efi/random-seed.c @@ -23,14 +23,10 @@ static EFI_STATUS acquire_rng(UINTN size, VOID **ret) { /* Try to acquire the specified number of bytes from the UEFI RNG */ err = LibLocateProtocol((EFI_GUID*) &rng_protocol_guid, (VOID**) &rng); - if (EFI_ERROR(err)) { - Print(L"Failed to acquire RNG protocol: %r\n", err); + if (EFI_ERROR(err)) return err; - } - if (!rng) { - /* Print(L"RNG protocol not available.\n"); */ + if (!rng) return EFI_UNSUPPORTED; - } data = AllocatePool(size); if (!data) @@ -233,36 +229,25 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { validate_sha256(); - if (mode == RANDOM_SEED_OFF) { - /* Print(L"Random seed handling turned off.\n"); */ + if (mode == RANDOM_SEED_OFF) return EFI_NOT_FOUND; - } /* Let's better be safe than sorry, and for now disable this logic in SecureBoot mode, so that we * don't credit a random seed that is not authenticated. */ - if (secure_boot_enabled()) { - /* Print(L"Not loading random seed, because we are in SecureBoot mode.\n"); */ + if (secure_boot_enabled()) return EFI_NOT_FOUND; - } /* Get some system specific seed that the installer might have placed in an EFI variable. We include * it in our hash. This is protection against golden master image sloppiness, and it remains on the * system, even when disk images are duplicated or swapped out. */ err = acquire_system_token(&system_token, &system_token_size); - if (mode != RANDOM_SEED_ALWAYS) { - /* if (err == EFI_NOT_FOUND) */ - /* Print(L"Not loading random seed, because no system token is set.\n"); */ - if (EFI_ERROR(err)) - return err; /* in all other error cases we already logged */ - } + if (mode != RANDOM_SEED_ALWAYS && EFI_ERROR(err)) + return err; err = uefi_call_wrapper(root_dir->Open, 5, root_dir, &handle, L"\\loader\\random-seed", EFI_FILE_MODE_READ|EFI_FILE_MODE_WRITE, 0ULL); if (EFI_ERROR(err)) { if (err != EFI_NOT_FOUND) Print(L"Failed to open random seed file: %r\n", err); - /* else */ - /* Print(L"Not loading random seed, because there is none.\n"); */ - return err; } |