From: "Pedro Falcato via groups.io"
Date: Mon, 2 Dec 2024 23:29:09 +0000
Subject: Re: [edk2-devel] Debugging EFI Runtime crash when trying to update DBX for Secure Boot in Linux (fwupdmgr update)
To: devel@edk2.groups.io, rebecca@bsdio.com
Cc: Doug Flick
In-Reply-To: <2622e377-6909-4a85-bea3-eedc8c43ced6@bsdio.com>

On Mon, Dec 2, 2024 at 9:25 PM Rebecca Cran via groups.io wrote:
>
> I've set up Secure Boot for my firmware, but I'm having problems when
> trying to have fwupdmgr install a DBX update.
>
> Since I've run into problems setting up arm64_DBXUpdate.bin from
> uefi.org or DefaultDbx.bin from a build of secureboot_objects I'm
> generating my own certificate and installing that as dbxDefault just so
> that the variable exists.
>
> I reset the entire SPI-NOR to default (i.e. deleting any existing
> variables), then enable Secure Boot in UiApp and boot openSUSE. When I
> run fwupdmgr update, I get:
>
> localhost:~ # fwupdmgr update
> Devices with no available firmware updates:
>  • System Firmware
>  • WD BLACK SN850X 4000GB
> ╔══════════════════════════════════════════════════════════════════════════════╗
> ║ Upgrade UEFI dbx from 0 to 26?                                               ║
> ╠══════════════════════════════════════════════════════════════════════════════╣
> ║ Insecure versions of the Microsoft Windows boot manager affected by Black    ║
> ║ Lotus were added to the list of forbidden signatures due to a discovered     ║
> ║ security problem.This updates the dbx to the latest release from Microsoft.  ║
> ║                                                                              ║
> ║ Before installing the update, fwupd will check for any affected executables  ║
> ║ in the ESP and will refuse to update if it finds any boot binaries signed    ║
> ║ with any of the forbidden signatures.Applying this update may also cause     ║
> ║ some Windows install media to not start correctly.                           ║
> ║                                                                              ║
> ╚══════════════════════════════════════════════════════════════════════════════╝
> Perform operation? [Y|n]: y
> Downloading… [ - ]
>
> Decompressing… [***************************************]
>
> Authenticating… [***************************************]
>
> Waiting… [***************************************]
>
> Writing… [***************************************]
>
> Restarting device… [ ]
>
> Writing… [ ]
>
> Decompressing… [ ]
>
> Writing… [
>
> [ 53.309930][ T360] [Firmware Bug]: Unable to handle paging request
> in EFI runtime service
> ]
> failed to write data to efivarfs: Error writing to file descriptor:
> Input/output error
>
>
> And dmesg shows:
>
> [ 53.309930] [ T360] [Firmware Bug]: Unable to handle paging
> request in EFI runtime service
> [ 53.321038] [ T2422] ------------[ cut here ]------------
> [ 53.321047] [ T2422] WARNING: CPU: 42 PID: 2422 at
> drivers/firmware/efi/runtime-wrappers.c:341 __efi_queue_work+0xe4/0x120
> [ 53.321062] [ T2422] Modules linked in: af_packet nft_fib_inet
> nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4
> nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ebtable_nat
> ebtable_broute rfkill ip6table_nat ip6table_mangle ip6table_raw
> ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6
> nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security
> ebtable_filter ebtables ip6table_filter ip6_tables qrtr nf_tables
> iptable_filter binfmt_misc joydev cdc_subset cdc_ether usbnet cdc_acm
> mii nls_iso8859_1 nls_cp437 vfat fat snd_usb_audio snd_usbmidi_lib
> snd_hwdep snd_ump snd_rawmidi uas snd_seq_device usb_storage mc snd_pcm
> sd_mod scsi_dh_emc snd_timer scsi_dh_rdac scsi_dh_alua snd hid_generic
> sg soundcore scsi_mod usbhid scsi_common acpi_ipmi ipmi_ssif
> ipmi_devintf tiny_power_button igb arm_spe_pmu ipmi_msghandler button
> arm_cmn acpiphp_ampere_altra arm_dmc620_pmu arm_dsu_pmu cppc_cpufreq
> nvme_fabrics fuse nvme_keyring loop efi_pstore dm_mod nfnetlink
> dmi_sysfs ip_tables x_tables aes_ce_blk aes_ce_cipher
> [ 53.321224] [ T2422] crct10dif_ce xhci_pci xhci_pci_renesas
> polyval_ce polyval_generic ghash_ce gf128mul xhci_hcd sm4 sha2_ce nvme
> sha256_arm64 usbcore sha1_ce nvme_core sbsa_gwdt ast nvme_auth
> i2c_algo_bit usb_common xgene_hwmon gpio_dwapb btrfs blake2b_generic
> libcrc32c xor xor_neon raid6_pq i2c_dev efivarfs
> [ 53.321279] [ T2422] CPU: 42 UID: 0 PID: 2422 Comm: fwupd Tainted:
> G I 6.11.8-1-default #1 openSUSE Tumbleweed
> 1400000003000000474e5500ae3eced04b985462
> [ 53.321290] [ T2422] Tainted: [I]=FIRMWARE_WORKAROUND
> [ 53.321293] [ T2422] Hardware name: Adlink Ampere Altra Developer
> Platform/COM-HPC-Carrier, BIOS TianoCore 24.12.02-01 (SYS:
> 2.10.20230517) 12/02/2024
> [ 53.321296] [ T2422] pstate: 60400009 (nZCv daif +PAN -UAO -TCO
> -DIT -SSBS BTYPE=--)
> [ 53.321303] [ T2422] pc : __efi_queue_work+0xe4/0x120
> [ 53.321308] [ T2422] lr : __efi_queue_work+0xd0/0x120
> [ 53.321312] [ T2422] sp : ffff80008583b940
> [ 53.321315] [ T2422] x29: ffff80008583b940 x28: ffff07ff8bcc4500
> x27: 0000000000000000
> [ 53.321324] [ T2422] x26: 0000000000001208 x25: ffff07ff94859c00
> x24: 0000000000000067
> [ 53.321332] [ T2422] x23: ffff07ff94859800 x22: ffff07ff94859c00
> x21: 0000000000001202
> [ 53.321339] [ T2422] x20: ffffaa255f9655a8 x19: ffffaa255f965548
> x18: 0000000000000001
> [ 53.321345] [ T2422] x17: ffff07ff90946340 x16: ffffaa255d6b3198
> x15: 000000000000037d
> [ 53.321352] [ T2422] x14: 0000000000000001 x13: 0000000000000000
> x12: 0000000000000800
> [ 53.321359] [ T2422] x11: 071c71c71c71c71c x10: 0000000000001bc0 x9
> : ffffaa255da39d18
> [ 53.321366] [ T2422] x8 : ffff07ff8bcc6120 x7 : 0000000000000000 x6
> : 00000000000003e8
> [ 53.321372] [ T2422] x5 : 00000000410fd0c0 x4 : 0000000000300001 x3
> : 0000000000000000
> [ 53.321379] [ T2422] x2 : 0000000000000000 x1 : 8000000000000015 x0
> : 8000000000000015
> [ 53.321385] [ T2422] Call trace:
> [ 53.321388] [ T2422] __efi_queue_work+0xe4/0x120
> [ 53.321392] [ T2422] virt_efi_set_variable+0x74/0xe0
> [ 53.321398] [ T2422] efivar_set_variable_locked+0x7c/0x100
> [ 53.321402] [ T2422] efivar_entry_set_get_size+0x9c/0x170
> [efivarfs 1400000003000000474e55008e4f4f0ee8473f7a]
> [ 53.321414] [ T2422] efivarfs_file_write+0x140/0x2e0 [efivarfs
> 1400000003000000474e55008e4f4f0ee8473f7a]
> [ 53.321421] [ T2422] vfs_write+0xdc/0x370
> [ 53.321427] [ T2422] ksys_write+0x78/0x120
> [ 53.321431] [ T2422] __arm64_sys_write+0x24/0x40
> [ 53.321435] [ T2422] invoke_syscall+0x6c/0x100
> [ 53.321443] [ T2422] el0_svc_common.constprop.0+0xc8/0xf0
> [ 53.321450] [ T2422] do_el0_svc+0x24/0x38
> [ 53.321457] [ T2422] el0_svc+0x3c/0x170
> [ 53.321464] [ T2422] el0t_64_sync_handler+0x120/0x130
> [ 53.321470] [ T2422] el0t_64_sync+0x1a8/0x1b0
> [ 53.321475] [ T2422] ---[ end trace 0000000000000000 ]---
> [ 53.321489] [ T2422] efi: EFI Runtime Services are disabled!
>
>
> I have no idea how to go about debugging why the SetVariable call is
> causing the crash. Is it likely to be the way I've got dbxDefault set
> up, or does anyone know how I could debug it further?

Since this seems to be a dev board, don't you have the symbols for
your firmware? :)

-- 
Pedro

View/Reply Online (#120856): https://edk2.groups.io/g/devel/message/120856