From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 25 Jun 2024 20:45:57 +0000 (+0200)
Subject: stub: split out random seed part out of run()
X-Git-Tag: v257-rc1~1041^2~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=201e0d53bdd437dd6c1de81a51503f82442bf27d;p=thirdparty%2Fsystemd.git

stub: split out random seed part out of run()
---

diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c
index 1375b884369..eaca1038019 100644
--- a/src/boot/efi/stub.c
+++ b/src/boot/efi/stub.c
@@ -510,6 +510,32 @@ static EFI_STATUS load_addons(
         return EFI_SUCCESS;
 }
 
+static void refresh_random_seed(EFI_LOADED_IMAGE_PROTOCOL *loaded_image) {
+        EFI_STATUS err;
+
+        assert(loaded_image);
+
+        /* Handle case, where bootloader doesn't support DeviceHandle. */
+        if (!loaded_image->DeviceHandle)
+                return;
+
+        uint64_t loader_features = 0;
+        err = efivar_get_uint64_le(MAKE_GUID_PTR(LOADER), u"LoaderFeatures", &loader_features);
+        if (err != EFI_SUCCESS)
+                return;
+
+        /* Don't measure again, if sd-boot already initialized the random seed */
+        if (!FLAGS_SET(loader_features, EFI_LOADER_FEATURE_RANDOM_SEED))
+                return;
+
+        _cleanup_(file_closep) EFI_FILE *esp_dir = NULL;
+        err = partition_open(MAKE_GUID_PTR(ESP), loaded_image->DeviceHandle, NULL, &esp_dir);
+        if (err != EFI_SUCCESS) /* Non-fatal on failure, so that we still boot without it. */
+                return;
+
+        (void) process_random_seed(esp_dir);
+}
+
 static EFI_STATUS run(EFI_HANDLE image) {
         _cleanup_free_ void *credential_initrd = NULL, *global_credential_initrd = NULL, *sysext_initrd = NULL, *confext_initrd = NULL, *pcrsig_initrd = NULL, *pcrpkey_initrd = NULL;
         size_t credential_initrd_size = 0, global_credential_initrd_size = 0, sysext_initrd_size = 0, confext_initrd_size = 0, pcrsig_initrd_size = 0, pcrpkey_initrd_size = 0;
@@ -525,22 +551,13 @@ static EFI_STATUS run(EFI_HANDLE image) {
         int sections_measured = -1, parameters_measured = -1, sysext_measured = -1, confext_measured = -1;
         _cleanup_free_ char *uname = NULL;
         bool m;
-        uint64_t loader_features = 0;
         EFI_STATUS err;
 
         err = BS->HandleProtocol(image, MAKE_GUID_PTR(EFI_LOADED_IMAGE_PROTOCOL), (void **) &loaded_image);
         if (err != EFI_SUCCESS)
                 return log_error_status(err, "Error getting a LoadedImageProtocol handle: %m");
 
-        if (loaded_image->DeviceHandle && /* Handle case, where bootloader doesn't support DeviceHandle. */
-            (efivar_get_uint64_le(MAKE_GUID_PTR(LOADER), u"LoaderFeatures", &loader_features) != EFI_SUCCESS ||
-            !FLAGS_SET(loader_features, EFI_LOADER_FEATURE_RANDOM_SEED))) {
-                _cleanup_(file_closep) EFI_FILE *esp_dir = NULL;
-
-                err = partition_open(MAKE_GUID_PTR(ESP), loaded_image->DeviceHandle, NULL, &esp_dir);
-                if (err == EFI_SUCCESS) /* Non-fatal on failure, so that we still boot without it. */
-                        (void) process_random_seed(esp_dir);
-        }
+        refresh_random_seed(loaded_image);
 
         err = pe_memory_locate_sections(loaded_image->ImageBase, unified_sections, sections);
         if (err != EFI_SUCCESS || !PE_SECTION_VECTOR_IS_SET(sections + UNIFIED_SECTION_LINUX)) {