From patchwork Sat Apr 6 14:01:51 2024
X-Patchwork-Submitter: Ilias Apalodimas
X-Patchwork-Id: 786479
From: Ilias Apalodimas
To: xypron.glpk@gmx.de, kettenis@openbsd.org
Cc: caleb.connolly@linaro.org, sumit.garg@linaro.org, quic_llindhol@quicinc.com, ardb@kernel.org, pbrobinson@gmail.com, pjones@redhat.com, Ilias Apalodimas, Tom Rini, Masahisa Kojima, AKASHI Takahiro, Bin Meng, Raymond Mao, Simon Glass, Abdellatif El Khlifi, Eddie James, Alper Nebi Yasak, Sughosh Ganu, Weizhao Ouyang, u-boot@lists.denx.de
Subject: [PATCH v1 0/4] Enable SetvariableRT
Date: Sat, 6 Apr 2024 17:01:51 +0300
Message-Id: <20240406140203.248211-1-ilias.apalodimas@linaro.org>

Hi all,

This is an updated version of [0].

When EFI variables are stored on file we don't allow SetVariableRT, since the OS doesn't know how to access or write that file. At the same time keeping the U-Boot drivers alive in runtime sections and performing writes from the firmware is dangerous -- if at all possible.

For GetVariableRT we copy runtime variables in RAM and expose them to the OS. Add a Kconfig option and provide SetVariableRT using the same memory back end. The OS will be responsible for syncing the RAM contents to the file, otherwise any changes made during runtime won't persist across reboots.

It's worth noting that the variable store format is defined in EBBR [1] and authenticated variables are explicitly prohibited, since they have to be stored on a medium that's tamper and rollback protected.

The original RFC was just enabling the memory back end. This is a more complete version and we should be able, with small adjustments of userspace tools, to fix SetVariableRT.

If enabled the firmware will add two new RO EFI variables after ExitBootServices.
RTStorageVolatile -- contains the filename, relative to the ESP
VarToFile -- an EFI variable that holds all the BS,RT, NV variables and can be copied to the file defined by RTStorageVolatile.
If any errors occur during the variable init, the firmware will delete them and adjust the RT_PROP table accordingly, disabling SetvarRT.

- pre-patch
$~ mount | grep efiva
efivarfs on /sys/firmware/efi/efivars type efivarfs (ro,nosuid,nodev,noexec,relatime)

$~ efibootmgr -n 0001
Could not set BootNext: Read-only file system

- post-patch
$~ mount | grep efiva
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)

$~ efibootmgr -n 0001
BootNext: 0001
BootCurrent: 0000
BootOrder: 0000,0001
Boot0000* debian HD(1,GPT,bdae5610-3331-4e4d-9466-acb5caf0b4a6,0x800,0x100000)/File(EFI\debian\grubaa64.efi)
Boot0001* virtio 0 VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b,0000000000000000)/VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b,850000001f000000)/VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b,1600850000000000){auto_created_boot_option}

$~ efivar -p -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-BootNext
GUID: 8be4df61-93ca-11d2-aa0d-00e098032b8c
Name: "BootNext"
Attributes:
	Non-Volatile
	Boot Service Access
	Runtime Service Access
Value:
00000000 01 00

[0] https://lore.kernel.org/u-boot/20240329071929.2461441-1-ilias.apalodimas@linaro.org/
[1] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage

Changes since the RFC:
- Return EFI_INVALID_PARAM if attributes are not volatile
- Add EFI_WRITE_PROTECTED checks for BS, RT *only* variables
- Add 2 EFI variables and allow userspace to write the file
- Add selftests

Ilias Apalodimas (4):
  efi_loader: conditionally enable SetvariableRT
  efi_loader: Add OS notifications for SetVariableRT in RAM
  efi_loader: add an EFI variable with the variable file contents
  efi_selftest: add tests for setvariableRT

 include/efi_loader.h                               |   4 +
 include/efi_variable.h                             |  15 +-
 lib/efi_loader/Kconfig                             |  16 ++
 lib/efi_loader/efi_boottime.c                      |   2 +
 lib/efi_loader/efi_runtime.c                       |   1 +
 lib/efi_loader/efi_var_common.c                    |  43 ++--
 lib/efi_loader/efi_var_file.c                      |   1 -
 lib/efi_loader/efi_var_mem.c                       |  90 +++-----
 lib/efi_loader/efi_variable.c                      | 210 +++++++++++++++++-
 lib/efi_loader/efi_variable_tee.c                  |   1 -
 .../efi_selftest_variables_runtime.c               | 116 +++++++++-
 11 files changed, 401 insertions(+), 98 deletions(-)

---
2.37.2
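
The sync step that the cover letter leaves to the OS, sketched as an added example (not code from this series or from U-Boot): it reads RTStorageVolatile and VarToFile through efivarfs, confines the firmware-supplied filename to the ESP, and replaces the file in one rename. The vendor GUID is a placeholder because the letter does not give it; the ESP mount point and the NUL-terminated ASCII encoding of the filename are assumptions.

```python
import os
import tempfile

# Placeholder: the cover letter does not give the vendor GUID of the two variables.
VENDOR_GUID = "00000000-0000-0000-0000-000000000000"
EFIVARFS = "/sys/firmware/efi/efivars"
ESP = "/boot/efi"   # assumed ESP mount point
ATTR_LEN = 4        # efivarfs prefixes every value with a 32-bit attribute word


def read_var(efivarfs, name, guid=VENDOR_GUID):
    """Return a variable's payload with the efivarfs attribute prefix removed."""
    with open(os.path.join(efivarfs, f"{name}-{guid}"), "rb") as f:
        raw = f.read()
    if len(raw) <= ATTR_LEN:
        raise ValueError(f"{name}: empty variable")
    return raw[ATTR_LEN:]


def target_path(esp, name_bytes):
    """Resolve the firmware-supplied filename and keep it inside the ESP."""
    # Assumption: the name is a NUL-terminated ASCII string.
    rel = name_bytes.split(b"\0", 1)[0].decode("ascii").replace("\\", "/")
    if not rel or rel.startswith("/"):
        raise ValueError("filename must be relative to the ESP")
    root = os.path.realpath(esp)
    dest = os.path.realpath(os.path.join(root, rel))
    if dest == root or os.path.commonpath([root, dest]) != root:
        raise ValueError("filename escapes the ESP")
    return dest


def sync_variables(efivarfs=EFIVARFS, esp=ESP):
    """Copy VarToFile into the file named by RTStorageVolatile."""
    dest = target_path(esp, read_var(efivarfs, "RTStorageVolatile"))
    data = read_var(efivarfs, "VarToFile")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest))
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, dest)  # one rename instead of truncating the live file
    except BaseException:
        os.unlink(tmp)
        raise
    return dest
```

Because changes made at runtime live only in RAM until this copy happens, a tool that calls SetVariable would run the sync after every successful write.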