Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp418112rwd; Wed, 7 Jun 2023 01:34:12 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6m0YiBAY/9zp5XPLjZQXbwMpkAiYCuyt0EFM7WuFVjmBg07pRN/Z0MwlD2QoWlSH7vX1fb X-Received: by 2002:a81:6c8c:0:b0:569:f664:411b with SMTP id h134-20020a816c8c000000b00569f664411bmr4868484ywc.30.1686126852185; Wed, 07 Jun 2023 01:34:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686126852; cv=none; d=google.com; s=arc-20160816; b=hAIL5qqP9Jbq/vO54pAGqvDauM7NTBe4p3fuW6ViXkxM+BlYAjvJw4Y59uRPdS0s+A DI7wWANUYhPxZeTmvmkSw6SreBOrsFrTxfSpqGwzwNTYnYVWlsdJ0+fmjfeCDTXrDFq5 CSopXvlTrXC50zdo7Wvmftp17u6HW9BlgFluqTTQF8Awl8ZzMd3KUl+rNhIYpDk3AV4N PKryhK9LrBELCZdK+lAzHlTxJK4FSu4OlWt8nIXFDkza6ZIMaYbCYVTaAfOsxBL4Vxtz QVzsA078AxbmXy0i1+Ful5hzcJjnyXChqG2nY0TLHXZwiUkzHKZ4fxk6puDPHNVtWCMa 0lEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=meqyLpIa2eoOfIkaFe10EGZNXQ4rVkSgK0+HDZ26xns=; b=ATiad5BkdgrAzZ5fo6JK77RHQ3R4b3MD6wogoaLOdWpyArq0Y2uvBBWsPR6K0xis+a ERnFF3iee1Q1p3ejjNoCqzei/94ei16AA4+k5K20FkrCkcwDruswyJI0MVReLaAAt5lo GJ/7x4S/YgVujJheMnZkqOBRxmw218fEzfoLB0xC6iomwMqxV4up8ThjZAbwqsTsELzv +FZ91E52O02Lv0nUlT9/T2TJvtxZIKC59465Bj79itrYGx2etWwGXMpn6a/Jk/mLho3y YYNtQkV+zjhfKIYXHiZwDW7iLrSl+qalz+fwWzaVxM9zoVH9o8LtdE7PH+iSHcOZTHRG pT2g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZF9p5u4h; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v17-20020a17090a899100b002534f4ce2b6si787106pjn.125.2023.06.07.01.33.58; Wed, 07 Jun 2023 01:34:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZF9p5u4h; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238313AbjFGI0V (ORCPT + 99 others); Wed, 7 Jun 2023 04:26:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35892 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238425AbjFGI0T (ORCPT ); Wed, 7 Jun 2023 04:26:19 -0400 Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 05ECB95 for ; Wed, 7 Jun 2023 01:26:18 -0700 (PDT) Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2b1b30445cfso64272201fa.1 for ; Wed, 07 Jun 2023 01:26:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1686126376; x=1688718376; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=meqyLpIa2eoOfIkaFe10EGZNXQ4rVkSgK0+HDZ26xns=; b=ZF9p5u4hM9PFz+rRCKYlZoTUlbcYIxDgpTVxuZuiVVFOg/LdolKhBWBUAUQKQRa46+ 3DYQkg0hk5CEIO3iWRBEJF4S7DRTfWuXV/UW32si/8CbDvnNN5pQgt/of+kV67Y3jaPP rt4eHEz6FN/vj8pIB6s0uXTdAV6eeaIBamyD1Z5PmuVIkcC0r2W8LHJBo5VktSGZM3Am 3kc67vWS9Ghitg9knI+ULF6FuPOzg1dsiQHth+lH2XdKZSn/a/APkBgq00uutbLXV5Ht t1B5ezcUGlevGxUyo6SMZ1jKBThmmMhZn3adfo363b35EgjK9jxhaZlij6GXxsLBwpja fhZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686126376; x=1688718376; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=meqyLpIa2eoOfIkaFe10EGZNXQ4rVkSgK0+HDZ26xns=; b=CN0Mv8uDufTo664U2EhFDIuwwmRWDRz38/lVC2fIZ+ioKTG5n0VK90seZMHuS3Cu6W Dx5ja4wLk5xEcxMg6wVWoB7TYER2nAh7wDEsm8t/olxjqDHYXIMdVuzQkAKJcR74h6/q t9Tue5xkYcHs0DS2mhreoDZoHKgp64gBEgM23kDn7VyiBwi40XaZqfY/wWlwNRvHR3iu eUjT4/JCPHGqSEjjAkqFYOJA3EbOwZvTi/McJpuUOSOKpffnRMuYSXDrnj2Jt9bbf7R2 q09wu+Gx6zuOsK+YF9kP8rQ6g6WZ15SJO/8GhOoymAXOEhr6kOxXvwvvKFTbswHSDiV3 IEHQ== X-Gm-Message-State: AC+VfDyc0gXCcj3+JG/EmvY6lukjYtaULkZDRh7UnGSnWbUUXl+k2BjY nsl7HZ9SjIFFjk2viET0lFhx9ppcG/iIykHi0V5axA== X-Received: by 2002:a2e:8517:0:b0:2a7:75aa:40c with SMTP id j23-20020a2e8517000000b002a775aa040cmr2037906lji.10.1686126376194; Wed, 07 Jun 2023 01:26:16 -0700 (PDT) MIME-Version: 1.0 References: <20230526010748.1222-1-masahisa.kojima@linaro.org> <20230526010748.1222-4-masahisa.kojima@linaro.org> <0d3e0370-eb76-010f-3d30-9acc9b59645c@siemens.com> <4ff09002-e871-38b9-43ec-227a64bac731@siemens.com> In-Reply-To: From: Ilias Apalodimas Date: Wed, 7 Jun 2023 11:25:40 +0300 Message-ID: Subject: Re: [PATCH v5 3/3] efi: Add tee-based EFI variable driver To: Sumit Garg Cc: Jan Kiszka , Ard Biesheuvel , Masahisa Kojima , Jens Wiklander , linux-kernel@vger.kernel.org, op-tee@lists.trustedfirmware.org, Johan Hovold , Maxime Coquelin , Alexandre Torgue , linux-efi@vger.kernel.org, linux-stm32@st-md-mailman.stormreply.com, linux-arm-kernel@lists.infradead.org, "Su, Bao Cheng (RC-CN DF FA R&D)" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Sumit, On Wed, 7 Jun 2023 at 10:25, Sumit Garg wrote: > > Hi Ilias, > > On Wed, 7 Jun 2023 at 12:05, Ilias Apalodimas > wrote: > > > > Hi Jan, > > > > [...] > > > > > >>>> > > > > ... > > > >>> > > > >>> I think we have a probe ordering issue with this driver: > > > >>> efivarfs_fill_super() may be called before the TEE bus was probed, thus > > > >>> with the default efivar ops still registered. And that means > > > >>> efivar_supports_writes() will return false, and the fs declares itself > > > >>> as readonly. I've seen systemd mounting it r/o initialling, and you need > > > >>> to remount the fs to enable writability. > > > >>> > > > >>> Is there anything that could be done to re-order things reliably, probe > > > >>> the tee bus earlier etc.? > > > >> > > > >> This driver has a dependency on user-space daemon: tee-supplicant to > > > >> be running for RPMB access. So once you start that daemon the > > > >> corresponding device will be enumerated on the TEE bus and this driver > > > >> probe will be invoked. So I would suggest you to load this daemon very > > > >> early in the boot process or better to make it a part of initramfs. > > > >> > > > > > > > > That is not the point, really. > > > > > > > > If this dependency exists, the code should be aware of that, and made > > > > to work correctly in spite of it. Requiring a module to be part of > > > > initramfs is not a reasonable fix. > > > > > > In fact, I've tested a non-modularized build as well, just to exclude > > > that issue. The daemon dependency is more likely the problem here. > > > > > > > > > > > IIUC, this also means that the efivar ops are updated while there is > > > > already a client. This seems less than ideal as well > > > > As Sumit pointed out, the 'device' won't be available from OP-TEE > > until the supplicant is up and running and as a result, the module > > _probe() function won't run. Unfortunately, this isn't something we > > can avoid since the supplicant is responsible for the RPMB writes. > > The only thing I can think of is moving parts of the supplicant to the > > kernel and wiring up the RPC calls for reading/writing data to the > > eMMC subsystem. There was another discussion here [0] requesting the > > same thing for different reasons. But unless I am missing something > > this won't solve the problem completely either. You still have a > > timing dependency of "when did the RT callbacks change" -- "when was > > my efivarfs mounted". > > With the RPMB writes wired through the kernel [1], the only dependency > left is when do you load the tee-stmm-efi driver to have real EFI > runtime variables support. IMO, tee-stmm-efi driver should be built-in > to support systems without initramfs. The distro installers may choose > to bundle it in initramfs. Do you still see a timing dependency with > this approach? No I don't, this will work reliably without the need to remount the efivarfs. As you point out you will still have this dependency if you end up building them as modules and you manage to mount the efivarfs before those get inserted. Does anyone see a reasonable workaround? Deceiving the kernel and making the bootloader set the RT property bit to force the filesystem being mounted as rw is a nasty hack that we should avoid. Maybe adding a kernel command line parameter that says "Ignore the RTPROP I know what I am doing"? I don't particularly love this either, but it's not unreasonable. Thanks /Ilias > > [1] Of Course here we need the eMMC and TEE/OPTEE drivers to be built-in too. > > -Sumit > > > > > Thanks > > /Ilias > > > > > > Jan > > > > > > -- > > > Siemens AG, Technology > > > Competence Center Embedded Linux > > >