Make UEFI boot safe and remove GRUB logo

iso/builder/build.sh

@@ -731,12 +731,12 @@ write_canonical_grub_cfg() {
 source /boot/grub/config.cfg
 
 menuentry "EASY-BEE" {
-    linux   ${kernel} ${append_live} bee.display=kms bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
+    linux   ${kernel} ${append_live} nomodeset bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
     initrd  ${initrd}
 }
 
 menuentry "EASY-BEE -- load to RAM (toram)" {
-    linux   ${kernel} ${append_live} toram bee.display=kms bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
+    linux   ${kernel} ${append_live} toram nomodeset bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
     initrd  ${initrd}
 }
 
@@ -841,6 +841,73 @@ enforce_live_build_bootloader_assets() {
             echo "bootloader sync: WARNING: could not extract live entry from $isolinux_cfg" >&2
         fi
     fi
+
+    sync_efi_grub_theme_assets "$lb_dir"
+}
+
+fat_image_has_file() {
+    img="$1"
+    path="$2"
+    mtype -i "$img" "$path" >/dev/null 2>&1
+}
+
+is_efi_grub_fat_image() {
+    img="$1"
+    fat_image_has_file "$img" "::/EFI/boot/grubx64.efi" || return 1
+    fat_image_has_file "$img" "::/boot/grub/grub.cfg" || return 1
+    return 0
+}
+
+copy_file_to_fat_image() {
+    img="$1"
+    src="$2"
+    dst="$3"
+    mcopy -o -i "$img" "$src" "$dst" >/dev/null
+}
+
+sync_efi_grub_theme_assets() {
+    lb_dir="$1"
+    found=0
+
+    for img in $(find "$lb_dir" -type f \( -name '*.img' -o -name '*.ima' -o -name '*.fat' \) 2>/dev/null); do
+        if ! is_efi_grub_fat_image "$img"; then
+            continue
+        fi
+        found=1
+        echo "bootloader sync: patching EFI GRUB image $img"
+        mmd -i "$img" "::/boot" >/dev/null 2>&1 || true
+        mmd -i "$img" "::/boot/grub" >/dev/null 2>&1 || true
+        mmd -i "$img" "::/boot/grub/live-theme" >/dev/null 2>&1 || true
+
+        copy_file_to_fat_image "$img" "${BUILDER_DIR}/config/bootloaders/grub-efi/config.cfg" "::/boot/grub/config.cfg"
+        copy_file_to_fat_image "$img" "${BUILDER_DIR}/config/bootloaders/grub-efi/theme.cfg" "::/boot/grub/theme.cfg"
+        for asset in "${BUILDER_DIR}"/config/bootloaders/grub-efi/live-theme/*; do
+            [ -f "$asset" ] || continue
+            copy_file_to_fat_image "$img" "$asset" "::/boot/grub/live-theme/"
+        done
+
+        fat_image_has_file "$img" "::/boot/grub/config.cfg" || {
+            echo "ERROR: EFI GRUB image missing /boot/grub/config.cfg after sync: $img" >&2
+            exit 1
+        }
+        fat_image_has_file "$img" "::/boot/grub/theme.cfg" || {
+            echo "ERROR: EFI GRUB image missing /boot/grub/theme.cfg after sync: $img" >&2
+            exit 1
+        }
+        fat_image_has_file "$img" "::/boot/grub/live-theme/theme.txt" || {
+            echo "ERROR: EFI GRUB image missing /boot/grub/live-theme/theme.txt after sync: $img" >&2
+            exit 1
+        }
+        fat_image_has_file "$img" "::/boot/grub/live-theme/bee-logo.tga" || {
+            echo "ERROR: EFI GRUB image missing /boot/grub/live-theme/bee-logo.tga after sync: $img" >&2
+            exit 1
+        }
+    done
+
+    if [ "$found" != "1" ]; then
+        echo "ERROR: no EFI GRUB FAT image found in live-build workdir; cannot sync theme assets" >&2
+        exit 1
+    fi
 }
 
 copy_memtest_from_deb() {

iso/builder/config/bootloaders/grub-efi/config.cfg

@@ -8,7 +8,7 @@ else
 fi
 
 if loadfont $font ; then
-    set gfxmode=1920x1080,1280x1024,auto
+    set gfxmode=1280x1024,auto
     set gfxpayload=keep
     insmod efi_gop
     insmod efi_uga

iso/builder/config/bootloaders/grub-efi/grub.cfg

@@ -1,12 +1,12 @@
 source /boot/grub/config.cfg
 
 menuentry "EASY-BEE" {
-    linux   @KERNEL_LIVE@ @APPEND_LIVE@ bee.display=kms bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
+    linux   @KERNEL_LIVE@ @APPEND_LIVE@ nomodeset bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
     initrd  @INITRD_LIVE@
 }
 
 menuentry "EASY-BEE -- load to RAM (toram)" {
-    linux   @KERNEL_LIVE@ @APPEND_LIVE@ toram bee.display=kms bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
+    linux   @KERNEL_LIVE@ @APPEND_LIVE@ toram nomodeset bee.nvidia.mode=normal pci=realloc net.ifnames=0 biosdevname=0 mitigations=off transparent_hugepage=always numa_balancing=disable pcie_aspm=off intel_idle.max_cstate=1 processor.max_cstate=1 nowatchdog nosoftlockup
     initrd  @INITRD_LIVE@
 }
 

iso/builder/config/bootloaders/grub-efi/live-theme/theme.txt

@@ -5,13 +5,6 @@ title-text: ""
 message-font: "Unifont Regular 16"
 terminal-font: "Unifont Regular 16"
 
-#bee logo - centered, upper third of screen
-+ image {
-        top = 4%
-        left = 50%-200
-        file = "bee-logo.tga"
-}
-
 #help bar at the bottom
 + label {
         top = 100%-50