From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id DFF8A780091 for ; Mon, 2 Dec 2024 21:25:36 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=ztR0UhNCQE9JX5mrGqDRXtFCa5n98SLl2nEcjal4T1M=; c=relaxed/simple; d=groups.io; h=Feedback-ID:Message-ID:Date:MIME-Version:User-Agent:To:From:Subject:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240830; t=1733174736; v=1; x=1733433935; b=wIiDQMh9Zk5qLDgUTj+pzLFuOT+6dgs3rAGf1OiN1q6AP4rawKIeYyTDxYSHlGHxjHzFnWuG yQ11ts9V0bOKrz99iPVsmDiGxW16YZvfcQP9sj2TT+pHIx4RcL6jlEMzd4X5+oN2MqRP1uWyaJF TfhhsVUfQVhK9yGsqk3xO1qikii7x4w2/VFf0tyXVl+5+UoAb1KHbO8SS8ChMwSXn2KEuvA+9C1 rTe1Gs8pvxT7pqtU9YRa8hIbvs8I+EAFDzbghm88W6mRG2bhtlkf3XOZExrd0+f7jXwb5Tbbr1U tZHALm4g9QOhSOAM6BOzIB72Aws1VsU9KmBac/6LMBozg== X-Received: by 127.0.0.2 with SMTP id tiIDYY7687511xoavwcggpPk; Mon, 02 Dec 2024 13:25:35 -0800 X-Received: from fout-b2-smtp.messagingengine.com (fout-b2-smtp.messagingengine.com [202.12.124.145]) by mx.groups.io with SMTP id smtpd.web11.4493.1733174734318240004 for ; Mon, 02 Dec 2024 13:25:34 -0800 X-Received: from phl-compute-06.internal (phl-compute-06.phl.internal [10.202.2.46]) by mailfout.stl.internal (Postfix) with ESMTP id 8C8D21140206; Mon, 2 Dec 2024 16:25:33 -0500 (EST) X-Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-06.internal (MEProxy); Mon, 02 Dec 2024 16:25:33 -0500 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrheelgddugeekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepkfffgggfvffhufevtgfgsehtkeertddtvdejnecu hfhrohhmpeftvggsvggttggrucevrhgrnhcuoehrvggsvggttggrsegsshguihhordgtoh hmqeenucggtffrrghtthgvrhhnpedvleduueekieeuueelteejueefuddttdeugfetjedt veffheffudehueehteejgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmh grihhlfhhrohhmpehrvggsvggttggrsegsshguihhordgtohhmpdhnsggprhgtphhtthho pedvpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopeguvghvvghlsegvughkvddrgh hrohhuphhsrdhiohdprhgtphhtthhopeguohhughhflhhitghksehmihgtrhhoshhofhht rdgtohhm X-ME-Proxy: Feedback-ID: i5b994698:Fastmail X-Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 2 Dec 2024 16:25:32 -0500 (EST) Message-ID: <2622e377-6909-4a85-bea3-eedc8c43ced6@bsdio.com> Date: Mon, 2 Dec 2024 14:25:26 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird To: "devel@edk2.groups.io" From: "Rebecca Cran" Subject: [edk2-devel] Debugging EFI Runtime crash when trying to update DBX for Secure Boot in Linux (fwupdmgr update) Cc: Doug Flick Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 02 Dec 2024 13:25:34 -0800 Resent-From: rebecca@bsdio.com Reply-To: devel@edk2.groups.io,rebecca@bsdio.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: j2qDCN7PLxFNwvGx1LM1TXUWx7686176AA= Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240830 header.b=wIiDQMh9; dmarc=none; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io I've set up Secure Boot for my firmware, but I'm having problems when trying to have fwupdmgr install a DBX update. Since I've run into problems setting up arm64_DBXUpdate.bin from uefi.org or DefaultDbx.bin from a build of secureboot_objects I'm generating my own certificate and installing that as dbxDefault just so that the variable exists. I reset the entire SPI-NOR to default (i.e. deleting any existing variables), then enable Secure Boot in UiApp and boot openSUSE. When I run fwupmgr update, I get: localhost:~ # fwupdmgr update Devices with no available firmware updates:  • System Firmware  • WD BLACK SN850X 4000GB ╔══════════════════════════════════════════════════════════════════════════════╗ ║ Upgrade UEFI dbx from 0 to 26?                                               ║ ╠══════════════════════════════════════════════════════════════════════════════╣ ║ Insecure versions of the Microsoft Windows boot manager affected by Black    ║ ║ Lotus were added to the list of forbidden signatures due to a discovered     ║ ║ security problem.This updates the dbx to the latest release from Microsoft.  ║ ║ ║ ║ Before installing the update, fwupd will check for any affected executables  ║ ║ in the ESP and will refuse to update if it finds any boot binaries signed    ║ ║ with any of the forbidden signatures.Applying this update may also cause     ║ ║ some Windows install media to not start correctly.                           ║ ║ ║ ╚══════════════════════════════════════════════════════════════════════════════╝ Perform operation? [Y|n]: y Downloading…             [ - ] Decompressing… [***************************************] Authenticating… [***************************************] Waiting… [***************************************] Writing… [***************************************] Restarting device… [                                       ] Writing… [                                       ] Decompressing… [                                       ] Writing…                 [ [   53.309930][  T360] [Firmware Bug]: Unable to handle paging request in EFI runtime service                                      ] failed to write data to efivarfs: Error writing to file descriptor: Input/output error And dmesg shows: [   53.309930] [    T360] [Firmware Bug]: Unable to handle paging request in EFI runtime service [   53.321038] [   T2422] ------------[ cut here ]------------ [   53.321047] [   T2422] WARNING: CPU: 42 PID: 2422 at drivers/firmware/efi/runtime-wrappers.c:341 __efi_queue_work+0xe4/0x120 [   53.321062] [   T2422] Modules linked in: af_packet nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ebtable_nat ebtable_broute rfkill ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables qrtr nf_tables iptable_filter binfmt_misc joydev cdc_subset cdc_ether usbnet cdc_acm mii nls_iso8859_1 nls_cp437 vfat fat snd_usb_audio snd_usbmidi_lib snd_hwdep snd_ump snd_rawmidi uas snd_seq_device usb_storage mc snd_pcm sd_mod scsi_dh_emc snd_timer scsi_dh_rdac scsi_dh_alua snd hid_generic sg soundcore scsi_mod usbhid scsi_common acpi_ipmi ipmi_ssif ipmi_devintf tiny_power_button igb arm_spe_pmu ipmi_msghandler button arm_cmn acpiphp_ampere_altra arm_dmc620_pmu arm_dsu_pmu cppc_cpufreq nvme_fabrics fuse nvme_keyring loop efi_pstore dm_mod nfnetlink dmi_sysfs ip_tables x_tables aes_ce_blk aes_ce_cipher [   53.321224] [   T2422]  crct10dif_ce xhci_pci xhci_pci_renesas polyval_ce polyval_generic ghash_ce gf128mul xhci_hcd sm4 sha2_ce nvme sha256_arm64 usbcore sha1_ce nvme_core sbsa_gwdt ast nvme_auth i2c_algo_bit usb_common xgene_hwmon gpio_dwapb btrfs blake2b_generic libcrc32c xor xor_neon raid6_pq i2c_dev efivarfs [   53.321279] [   T2422] CPU: 42 UID: 0 PID: 2422 Comm: fwupd Tainted: G          I        6.11.8-1-default #1 openSUSE Tumbleweed 1400000003000000474e5500ae3eced04b985462 [   53.321290] [   T2422] Tainted: [I]=FIRMWARE_WORKAROUND [   53.321293] [   T2422] Hardware name: Adlink Ampere Altra Developer Platform/COM-HPC-Carrier, BIOS TianoCore 24.12.02-01 (SYS: 2.10.20230517) 12/02/2024 [   53.321296] [   T2422] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [   53.321303] [   T2422] pc : __efi_queue_work+0xe4/0x120 [   53.321308] [   T2422] lr : __efi_queue_work+0xd0/0x120 [   53.321312] [   T2422] sp : ffff80008583b940 [   53.321315] [   T2422] x29: ffff80008583b940 x28: ffff07ff8bcc4500 x27: 0000000000000000 [   53.321324] [   T2422] x26: 0000000000001208 x25: ffff07ff94859c00 x24: 0000000000000067 [   53.321332] [   T2422] x23: ffff07ff94859800 x22: ffff07ff94859c00 x21: 0000000000001202 [   53.321339] [   T2422] x20: ffffaa255f9655a8 x19: ffffaa255f965548 x18: 0000000000000001 [   53.321345] [   T2422] x17: ffff07ff90946340 x16: ffffaa255d6b3198 x15: 000000000000037d [   53.321352] [   T2422] x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000800 [   53.321359] [   T2422] x11: 071c71c71c71c71c x10: 0000000000001bc0 x9 : ffffaa255da39d18 [   53.321366] [   T2422] x8 : ffff07ff8bcc6120 x7 : 0000000000000000 x6 : 00000000000003e8 [   53.321372] [   T2422] x5 : 00000000410fd0c0 x4 : 0000000000300001 x3 : 0000000000000000 [   53.321379] [   T2422] x2 : 0000000000000000 x1 : 8000000000000015 x0 : 8000000000000015 [   53.321385] [   T2422] Call trace: [   53.321388] [   T2422]  __efi_queue_work+0xe4/0x120 [   53.321392] [   T2422]  virt_efi_set_variable+0x74/0xe0 [   53.321398] [   T2422]  efivar_set_variable_locked+0x7c/0x100 [   53.321402] [   T2422]  efivar_entry_set_get_size+0x9c/0x170 [efivarfs 1400000003000000474e55008e4f4f0ee8473f7a] [   53.321414] [   T2422]  efivarfs_file_write+0x140/0x2e0 [efivarfs 1400000003000000474e55008e4f4f0ee8473f7a] [   53.321421] [   T2422]  vfs_write+0xdc/0x370 [   53.321427] [   T2422]  ksys_write+0x78/0x120 [   53.321431] [   T2422]  __arm64_sys_write+0x24/0x40 [   53.321435] [   T2422]  invoke_syscall+0x6c/0x100 [   53.321443] [   T2422]  el0_svc_common.constprop.0+0xc8/0xf0 [   53.321450] [   T2422]  do_el0_svc+0x24/0x38 [   53.321457] [   T2422]  el0_svc+0x3c/0x170 [   53.321464] [   T2422]  el0t_64_sync_handler+0x120/0x130 [   53.321470] [   T2422]  el0t_64_sync+0x1a8/0x1b0 [   53.321475] [   T2422] ---[ end trace 0000000000000000 ]--- [   53.321489] [   T2422] efi: EFI Runtime Services are disabled! I have no idea how to go about debugging why the SetVariable call is causing the crash. Is it likely to be the way I've got dbxDefault set up, or does anyone know how I could debug it further? Rebecca -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#120855): https://edk2.groups.io/g/devel/message/120855 Mute This Topic: https://groups.io/mt/109889108/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-