Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp3730189rdg; Wed, 18 Oct 2023 04:36:59 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGXKj0e96DDHP1D1PHqYzOnvvTy9/IuQ9KZfOPNg3Q0NMm32cZun4j8DudCA7fHZxwUq0Uv X-Received: by 2002:a17:902:e5d2:b0:1c4:56c8:27f8 with SMTP id u18-20020a170902e5d200b001c456c827f8mr4907964plf.68.1697629018989; Wed, 18 Oct 2023 04:36:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697629018; cv=none; d=google.com; s=arc-20160816; b=d2Gv56zeXHTHkRFmLlhevHV3+SDzEPQR8O6MPISXC8xVZkIeJNIziRpEYWG+f+sYRm bNRFMybcRgqqSfUMhs4zUkijoc00WxDAq94aWSRmY+z61DOlCqkSIRS/jM8Dtzy17xZs tQdYlFyDXDTW6kuqFQGLkadCS4oXkGs1POXhz56W1rljAHfnohPPQppRYJTJSOJgctEK YWphXrPdMWh7IWLxXmxHDoLyz75HardLbPr8g5RplhP4mOZYV7XxTMtBl/5WPxYWKOhB JYhswSoO2BVW9WrraG62L1YYdMNweoYyq32czXHmPC0lBQ45luWidjRuKqKK6MLZ5Jdq jXMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=5OCoWdkkM0uyEGxIzbyjkO7Y1UBByg1bvxmc5CDeRBE=; fh=arQD4ENijCFKgLG+ebP2VEyvjX9PaSJEC0S2/Kv0YzU=; b=GUViWKCgWC6dHYVTmABYwJGBantmT+gQTeFTP8W15/g/SC7tsYFlmwuC7tnsqP4IAH UCOM1X03V7VN8lP77prQf5UMhYFD+yPyY90fgv8uisvcBxgW0v+9rBUJXXBj3j8EIPCL l+HZI57lqxffSCXweFnAdIxwyEjXPI0Fsuc0D0b6HnnDShoM9Fwsw8CFwABm1bBs9Ckw 1dTj3fklj1BnVYVSqwdzAK5o2GHmB8747pp2JEMmpiUGcx68TLw/voMvlyb/OY+HzGau qErlEWTKyeapV99H3UH/I8ttbVZYRUGypa0J9/My6BEisJYpa9EuVfa5qV+mn7qxmg7q vdbw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jEfS+i6w; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id m16-20020a170902db1000b001c4660cd474si4082772plx.634.2023.10.18.04.36.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 04:36:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=jEfS+i6w; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id E39CB8025792; Wed, 18 Oct 2023 04:35:41 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231132AbjJRLf2 (ORCPT + 99 others); Wed, 18 Oct 2023 07:35:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49682 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231329AbjJRLfW (ORCPT ); Wed, 18 Oct 2023 07:35:22 -0400 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D842C1B6 for ; Wed, 18 Oct 2023 04:35:14 -0700 (PDT) Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-9c53e8b7cf4so390313166b.1 for ; Wed, 18 Oct 2023 04:35:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1697628913; x=1698233713; darn=vger.kernel.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=5OCoWdkkM0uyEGxIzbyjkO7Y1UBByg1bvxmc5CDeRBE=; b=jEfS+i6w03Mib6fL7BMD4ZBq7Umc7uG+lWPMHQYw8dBiD1I6jGvCsUac8bm0x/Tm9k F9WP0BvskBmNiLR4cUX5CeP/wRnDCT8TltvRe4LxmRpo7XQyMYd6u7hyHg3g882Y+WP4 HPa2fw0cx5lZSx1YXuVfjYOa+wY4XdFqZP1z3B+QCq27CinyhHwD781/kO2PN+0wmInH ND7gayEBLQJzCdEFjeuH65PWCN9i0uuwQ3tCVtdI8lY+qnayEU8hXYtgnda8xSTTyICJ i9AwGVts1lga5OY9q/VhB/Hrbh74sFvyJgMWgLSBHoAjnIAomHrxsOKcjQwsHHMeiEQC u5qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697628913; x=1698233713; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=5OCoWdkkM0uyEGxIzbyjkO7Y1UBByg1bvxmc5CDeRBE=; b=KXeZjNkq58NIqXesvO36M7v2xcy9xFoQheZP/dbzSgP1oWXvsqcA/p1g6rltfN6tm5 cTE1La7yKdwFe/pclw7EED7ov5xdqljntwhbSCdqV5cvGL0u5bNuLG6iM/ZGEvo3c41m ucAFSh37Ny/WQ4TDgDUChMvDaaeksliF8eJBuPAlRq9jMz8j1wiQH7bJsldocHa/ZM/R oVpvSJEIAfFdO7QmoH9da1hWgkY04bi2PZfBrg5075JFZJaM1vTsBF3Zs1Xu2J16egnn vOwvebVWytFuQpcwp9nUF0PfVpxsY9JiMy2GEYjl0fXNsLXV2kWLNYxhewq8G6/aEXqS b+qA== X-Gm-Message-State: AOJu0YzaiBKJIS4bdoN/yqARTZlaifVx/S4iNp5wrfxEWGz7v70Q7DDm pv75KhiK/YIFxpfCnEJ+C7/tQcuKbhpdwpiaSrem4g== X-Received: by 2002:a17:907:7f23:b0:9b2:982e:339a with SMTP id qf35-20020a1709077f2300b009b2982e339amr3467175ejc.22.1697628912806; Wed, 18 Oct 2023 04:35:12 -0700 (PDT) Received: from hera (ppp046103219117.access.hol.gr. [46.103.219.117]) by smtp.gmail.com with ESMTPSA id c10-20020a1709063f0a00b009887f4e0291sm1511282ejj.27.2023.10.18.04.35.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Oct 2023 04:35:12 -0700 (PDT) Date: Wed, 18 Oct 2023 14:35:09 +0300 From: Ilias Apalodimas To: Masahisa Kojima Cc: Ard Biesheuvel , Jens Wiklander , Jan Kiszka , Sumit Garg , linux-kernel@vger.kernel.org, op-tee@lists.trustedfirmware.org, Johan Hovold , Randy Dunlap , Heinrich Schuchardt , Jonathan Cameron Subject: Re: [PATCH v9 0/6] introduce tee-based EFI Runtime Variable Service Message-ID: References: <20231013074540.8980-1-masahisa.kojima@linaro.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20231013074540.8980-1-masahisa.kojima@linaro.org> X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Wed, 18 Oct 2023 04:35:42 -0700 (PDT) Kojima-san, I found some time to do some extended testing here's what I found Switching the permissions from RO->RW when the supplicant is started works correctly # mount | grep efiv efivarfs on /sys/firmware/efi/efivars type efivarfs (ro,nosuid,nodev,noexec,relatime) # tee-supplicant -d [ 77.374878] efivars: Unregistered efivars operations [ 77.381604] Use tee-based EFI runtime variable services [ 77.386862] efivars: Registered efivars operations # mount | grep efiv efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime) I didn't test unbinding yet, but I assume it's going to work fine and remove the efivar ops. Reading an writing non-authenticated EFI variables seems to work fine. I verified this with U-Boot and the BootOrder changed correctly. # efibootmgr -o 0001,0002,0000 BootCurrent: 0002 BootOrder: 0001,0002,0000 Boot0000* nvme 0:1 Boot0001* nvme 0:2 Boot0002* debian # efibootmgr -o 0002,0000,0001 BootCurrent: 0002 BootOrder: 0002,0000,0001 Boot0000* nvme 0:1 Boot0001* nvme 0:2 Boot0002* debian Writing authenticated EFI variables works the first time. I also dumped those variables from both Linux and U-Boot and they matched # efi-updatevar -f PK.auth PK # efi-updatevar -f KEK.auth KEK # efi-updatevar -f db.auth db But removing the PK at runtime fails. # efi-updatevar -f noPK.auth PK # Failed to update PK: Operation not permitted My guess is that the EDK2 code prohibits that, but we need to check why this is happening. I also got similar failures trying to update KEK and db. But the most worrying thing is this. From Linux program KEK and db # efi-updatevar -f KEK.auth KEK # efi-updatevar -f db.auth db Reboot the machine and U-Boot complains when it tries to populate the runtime vars with: Loading Linux 6.6.0-rc2-00654-g82a013b37495 ... Loading initial ramdisk ... EFI stub: Booting Linux Kernel... EFI stub: Using DTB from configuration table EFI stub: Exiting boot services... Can't populate EFI variables. No runtime variables will be available <-- This If you rewrite those vars from the U-Boot shell everything seems to come back to normal => tftp $loadaddr 192.168.49.5:noKEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK => tftp $loadaddr 192.168.49.5:nodb.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db => tftp $loadaddr 192.168.49.5:KEK.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize KEK => tftp $loadaddr 192.168.49.5:db.auth && setenv -e -nv -bs -rt -at -i $loadaddr:$filesize db Loading Linux 6.6.0-rc2-00654-g82a013b37495 ... Loading initial ramdisk ... EFI stub: Booting Linux Kernel... EFI stub: Using DTB from configuration table EFI stub: Exiting boot services... Let me know if you need any more information Regards /Ilias On Fri, Oct 13, 2023 at 04:45:33PM +0900, Masahisa Kojima wrote: > This series introduces the tee based EFI Runtime Variable Service. > > The eMMC device is typically owned by the non-secure world(linux in > this case). There is an existing solution utilizing eMMC RPMB partition > for EFI Variables, it is implemented by interacting with > OP-TEE, StandaloneMM(as EFI Variable Service Pseudo TA), eMMC driver > and tee-supplicant. The last piece is the tee-based variable access > driver to interact with OP-TEE and StandaloneMM. > > Changelog: > v8 -> v9 > - patch #6 "tee: optee: restore efivars ops when tee-supplicant stops" > is newly added > - remove !EFI_VARS_PSTORE Kconfig dependency, we have added a non-blocking > set_variable and it just returns EFI_UNSUPPORTED. > - remove obvious comments > > v7 -> v8 > Only patch #3 "efi: Add tee-based EFI variable driver" is updated. > - fix typos > - refactor error handling, direct return if applicable > - use devm_add_action_or_reset() for closing of tee context/session > - remove obvious comment > > v6 -> v7 > Patch #1-#4 are not updated. > Patch #5 is added into this series, original patch is here: > https://lore.kernel.org/all/20230609094532.562934-1-ilias.apalodimas@linaro.org/ > > There are two issues in the v6 series and v7 series addresses those. > > 1) efivar ops is not restored when the tee-supplicant daemon terminates. > -> As the following patch says, user must remove the device before > terminating tee-supplicant daemon. > https://lore.kernel.org/all/20230728134832.326467-1-sumit.garg@linaro.org/ > > 2) cause panic when someone remounts the efivarfs as RW even if > SetVariable is not supported > -> The fifth patch addresses this issue. > "[PATCH v7 5/5] efivarfs: force RO when remounting if SetVariable is > not supported" > > v5 -> v6 > - new patch #4 is added in this series, #1-#3 patches are unchanged. > automatically update super block flag when the efivarops support > SetVariable runtime service, so that user does not need to manually > remount the efivarfs as RW. > > v4 -> v5 > - rebase to efi-next based on v6.4-rc1 > - set generic_ops.query_variable_info, it works as expected as follows. > $ df -h /sys/firmware/efi/efivars/ > Filesystem Size Used Avail Use% Mounted on > efivarfs 16K 1.3K 15K 8% /sys/firmware/efi/efivars > > v3 -> v4: > - replace the reference from EDK2 to PI Specification > - remove EDK2 source code reference comments > - prepare nonblocking variant of set_variable, it just returns > EFI_UNSUPPORTED > - remove redundant buffer size check > - argument name change in mm_communicate > - function interface changes in setup_mm_hdr to remove (void **) cast > > v2 -> v3: > - add CONFIG_EFI dependency to TEE_STMM_EFI > - add missing return code check for tee_client_invoke_func() > - directly call efivars_register/unregister from tee_stmm_efi.c > > rfc v1 -> v2: > - split patch into three patches, one for drivers/tee, > one for include/linux/efi.h, and one for the driver/firmware/efi/stmm > - context/session management into probe() and remove() same as other tee > client driver > - StMM variable driver is moved from driver/tee/optee to driver/firmware/efi > - use "tee" prefix instead of "optee" in driver/firmware/efi/stmm/tee_stmm_efi.c, > this file does not contain op-tee specific code, abstracted by tee layer and > StMM variable driver will work on other tee implementation. > - PTA_STMM_CMD_COMMUNICATE -> PTA_STMM_CMD_COMMUNICATE > - implement query_variable_store() but currently not used > - no use of TEEC_SUCCESS, it is defined in driver/tee/optee/optee_private.h. > Other tee client drivers use 0 instead of using TEEC_SUCCESS > - remove TEEC_ERROR_EXCESS_DATA status, it is referred just to output > error message > > Ilias Apalodimas (1): > efivarfs: force RO when remounting if SetVariable is not supported > > Masahisa Kojima (5): > efi: expose efivar generic ops register function > efi: Add EFI_ACCESS_DENIED status code > efi: Add tee-based EFI variable driver > efivarfs: automatically update super block flag > tee: optee: restore efivars ops when tee-supplicant stops > > drivers/firmware/efi/Kconfig | 15 + > drivers/firmware/efi/Makefile | 1 + > drivers/firmware/efi/efi.c | 18 + > drivers/firmware/efi/stmm/mm_communication.h | 236 +++++++ > drivers/firmware/efi/stmm/tee_stmm_efi.c | 617 +++++++++++++++++++ > drivers/firmware/efi/vars.c | 8 + > drivers/tee/optee/supp.c | 4 + > fs/efivarfs/super.c | 45 ++ > include/linux/efi.h | 13 + > 9 files changed, 957 insertions(+) > create mode 100644 drivers/firmware/efi/stmm/mm_communication.h > create mode 100644 drivers/firmware/efi/stmm/tee_stmm_efi.c > > > base-commit: b691118f2c44d16b84fc65b8147b33620eb18cac > -- > 2.30.2 >