From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: redhat.com, ip: 209.132.183.28, mailfrom: lersek@redhat.com)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by groups.io with SMTP; Mon, 30 Sep 2019 15:47:19 -0700
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id C75A5859FB;
	Mon, 30 Sep 2019 22:47:18 +0000 (UTC)
Received: from lacos-laptop-7.usersys.redhat.com (ovpn-121-111.rdu2.redhat.com [10.10.121.111])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 7AE781001281;
	Mon, 30 Sep 2019 22:47:16 +0000 (UTC)
Subject: Re: [PATCH V1 0/5] UEFI Variable SMI Reduction
From: "Laszlo Ersek" <lersek@redhat.com>
To: "Kubacki, Michael A" <michael.a.kubacki@intel.com>,
 "devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "Bi, Dandan" <dandan.bi@intel.com>,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>, "Dong, Eric"
 <eric.dong@intel.com>, "Gao, Liming" <liming.gao@intel.com>,
 "Kinney, Michael D" <michael.d.kinney@intel.com>, "Ni, Ray"
 <ray.ni@intel.com>, "Wang, Jian J" <jian.j.wang@intel.com>,
 "Wu, Hao A" <hao.a.wu@intel.com>, "Yao, Jiewen" <jiewen.yao@intel.com>
References: <20190926045046.34592-1-michael.a.kubacki@intel.com>
 <a0b5ec10-8620-edcb-555b-28780083fa0d@redhat.com>
 <DM6PR11MB3834D59D26917F33030DEBEFB5860@DM6PR11MB3834.namprd11.prod.outlook.com>
 <DM6PR11MB38347A0BA2EF2801EE5525D6B5860@DM6PR11MB3834.namprd11.prod.outlook.com>
 <c553d6be-35b5-a878-7cd0-5f3465a8e21f@redhat.com>
Message-ID: <2e880103-1c86-81bb-3a94-f9bf6cb64a35@redhat.com>
Date: Tue, 1 Oct 2019 00:47:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <c553d6be-35b5-a878-7cd0-5f3465a8e21f@redhat.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Mon, 30 Sep 2019 22:47:18 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit

On 10/01/19 00:43, Laszlo Ersek wrote:
> On 09/27/19 00:35, Kubacki, Michael A wrote:
>> After thinking a bit more, this test is based on a side effect of implementation. I'd prefer to avoid this being the sole cause of additional complexity in an already complex driver. Are one of these two options acceptable?
>>
>> 1. Use the Runtime Services QueryVariableInfo () API
>>
>> In this patch series, this is still implemented to trigger an SMI as invocations occur very rarely outside mainstream GetVariable () and GetNextVariableName () usage so performance is not a major concern. This allows it to continue to use the validated path to the converged implementation in Variable.c
> 
> QueryVariableInfo() is not exposed to Linux userspace in any practical way.
> 
> The Firmware Test Suite contains a dedicated test case for that runtime
> service:
> 
> https://wiki.ubuntu.com/FirmwareTestSuite/Reference/uefivarinfo
> 
> which can be invoked from the root prompt.
> 
> However, the userspace app depends on the efi_test module
> (CONFIG_EFI_TEST), which is not built in Fedora (not even in the debug
> kernel).
> 
> Building the kernel module specifically for the test is very messy,
> especially if the running kernel was signed, and booted with Secure Boot
> enabled. (It won't just accept any hand-build module.)
> 
> I'll ask the Fedora kernel maintainers if they can set CONFIG_EFI_TEST
> to "m".

NB, using QueryVariableInfo() for testing would still rely on an
implementation detail, namely that QueryVariableInfo() is allowed (for
now) to enter SMM.

But what if that changes again?

Thanks
Laszlo