Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B81C5C433EF for ; Tue, 11 Jan 2022 05:17:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238818AbiAKFRb (ORCPT ); Tue, 11 Jan 2022 00:17:31 -0500 Received: from mail-4319.protonmail.ch ([185.70.43.19]:21215 "EHLO mail-4319.protonmail.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235370AbiAKFRa (ORCPT ); Tue, 11 Jan 2022 00:17:30 -0500 Date: Tue, 11 Jan 2022 05:17:26 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail2; t=1641878248; bh=cYRvPsRTbr0F5Cm8cyAJ/mKD2RTDDw1A0v/DzkSatCQ=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:From:To:Cc; b=hfA0/CRWFAyhXB6BLEJDd9HBXjUactsFBPdCpKVcrjAIcVgNcJdyx23xz9Qnfgt32 xCpqb0/AG5DkIoQtsv5BKLz1FlHTRkEYAtH0Hv3eMq4VU/4bLd+g2nnEu0I1RVE4vV eO9OhuE1P3k2YfmFADDyrSKNeJK++Udxr+rOXa8DVpQEgyeSRaqRBumIA5IP0yBxZP iHvL1DmNDI5cnVCptXkqDgOqRDJLjOhpSGx5NoXXuhH+PsMGW6dZaciDjWLgw7Gp9E fGFloNx5Ajo3dciUiAkv5oMv/n84HymBdIl6g41/EGrlgPREUuKARGxloPqzK2Z9Sc rbxR5qC1VlJ2w== To: Ard Biesheuvel From: Orlando Chamberlain Cc: Aditya Garg , "jk@ozlabs.org" , Linus Torvalds , "linux-efi@vger.kernel.org" , Linux Kernel Mailing List , Aun-Ali Zaidi Reply-To: Orlando Chamberlain Subject: Re: [BUG][SEVERE] Enabling EFI runtime services causes panics in the T2 security chip on Macs equipped with it. Message-ID: <20220111051717.25b86946@localhost> In-Reply-To: References: <6D757C75-65B1-468B-842D-10410081A8E4@live.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 11 Jan 2022 04:45:35 +1100 "Ard Biesheuvel" wrote: > On Mon, 10 Jan 2022 at 17:37, Ard Biesheuvel wrote: > > > > On Mon, 10 Jan 2022 at 17:28, Aditya Garg > > wrote: =20 > ... > > > >> > > > >> This seems to be triggered by EFI_QUERY_VARIABLE_INFO here > > > >> =20 > > > > > > > > This is interesting. QueryVariableInfo() was introduced in EFI > > > > 2.00, and for a very long time, Intel MACs would claim to > > > > implement EFI 1.10 only. This means Linux would never attempt > > > > to use QueryVariableInfo() on such platforms. > > > > > > > > Can you please check your boot log which revision it claims to > > > > implement now? > > > > > > > > Mine says > > > > > > > > efi: EFI v1.10 by Apple =20 > > > > > > Mine says > > > > > > efi: EFI v2.40 by Apple > > > =20 >=20 > Can you check whether things work as before after applying the change > below? >=20 > diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c > index 147c30a81f15..d7203355cc69 100644 > --- a/arch/x86/platform/efi/efi.c > +++ b/arch/x86/platform/efi/efi.c > @@ -399,7 +399,7 @@ static int __init efi_systab_init(unsigned long > phys) efi_nr_tables =3D systab32->nr_tables; > } >=20 > - efi.runtime_version =3D hdr->revision; > + efi.runtime_version =3D EFI_1_10_SYSTEM_TABLE_REVISION; >=20 > efi_systab_report_header(hdr, efi_fw_vendor); > early_memunmap(p, size); This patch works for me, I was able to use `efibootmgr -t 2` without panics and the change to the boot timeout value persisted after a reboot. (I don't think the Apple firmware would actually use this timeout value for a timeout time, but it is an nvram vairable that i was able to write to) efi: EFI v2.40 by Apple efi: ACPI=3D0x7affe000 ACPI 2.0=3D0x7affe014 SMBIOS=3D0x7aed0000 SMBIOS 3.0= =3D0x7aece000=20 SMBIOS 3.1.1 present. DMI: Apple Inc. MacBookPro16,1/Mac-E1008331FDC96864, BIOS 1715.60.5.0.0 (iB= ridge: 19.16.10647.0.0,0) 11/16/2021 ("iBridge" might be something to use for a quirk, as it should cover all Macs with the T2 chip) --=20