From: "Ard Biesheuvel"
Date: Fri, 21 Jun 2024 10:35:08 +0200
Subject: Re: [edk2-devel] Regarding MOR Secure feature
To: devel@edk2.groups.io, ray.ni@intel.com
Cc: "Yao, Jiewen", "Xu, Wei6"

Hi Ray,

On Fri, 21 Jun 2024 at 10:03, Ni, Ray wrote:
>
> Ard,
>
> 7 years ago, Laszlo added this commit (https://github.com/tianocore/edk2/commit/fda8f631edbbf3823760542a06f12bd60fd39181) to support some OS kernels that incorrectly "create" the MOR variable.
> The OS kernel bug is captured in this bugzilla (bugzilla.redhat.com/show_bug.cgi?id=1498159). It seems to me the OS kernel bugs only exist in Fedora 24 and 25 which are all EOL today. Fedora 26 has the correct implementation that does NOT "create" the MOR variable. The implementation is done by you here (https://lore.kernel.org/all/20170825155019.6740-2-ard.biesheuvel@linaro.org/T/#u).
>
> 5 years ago, you added StandaloneMm variable driver and VariableHaveTcgProtocols() returns FALSE always in the standalone MM version. (Commit: https://github.com/tianocore/edk2/commit/a855f63e2fdd990837391b0e61e78b3f06b56916)
> As a result, MorLock variable is not created. It causes a bug that the BIOS does not report the MOR Secure feature to OS.
>
> My questions are:
>
> can we revert Laszlo's commit? As the bug that commit fixes only exists in Fedora 24/25 which are all EOL today.

Yes, I think we can revert it, although it is not clear from the commit
log what the erroneous behavior is.

> why is the MOR secure bug not found in ARM platform?
>

This is definitely a bug on ARM (and likely other users of standalone
MM). The problem is, of course, that standalone MM is standalone, and
cannot know for certain which EFI protocols are exposed by the DXE
core, nor invoke them directly.

>
> I think you are the best person to answer the questions because you not only fixed the kernel, but also know details on the ARM standalone MM.
> I am so happy with that:)
>

:-)

To be honest, I need some time to page this all back into my brain,
but I am happy to help out.

MOR does not really rely on the TCG protocols, right? If standalone MM
can implement it without its ability to invoke those protocols, we
should just separate those. I guess that is what you are doing at the
moment?
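
The symptom discussed in this thread (MorLock is never created, so the OS is not told that MOR Secure is supported) can be checked from a running Linux system. The following is an added example, not part of the original message and not edk2 or kernel code: it classifies the MemoryOverwriteRequestControlLock variable as efivarfs exposes it. The efivarfs path, the variable GUID and the lock values 0..2 are assumptions taken from edk2's MemoryOverwriteRequestControlLock.h and the Linux efivarfs layout, not from this thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed path: Linux efivarfs name for the MorLock variable (name-GUID). */
#define MOR_LOCK_PATH "/sys/firmware/efi/efivars/" \
    "MemoryOverwriteRequestControlLock-bb983ccf-151d-40e1-a07b-4a17be168292"

enum mor_lock_state {
    MOR_LOCK_ABSENT = -2,          /* variable missing: MOR Secure not reported */
    MOR_LOCK_MALFORMED = -1,       /* unexpected size or value */
    MOR_LOCK_UNLOCKED = 0,         /* lock values 0..2 as in edk2's header */
    MOR_LOCK_LOCKED_WITHOUT_KEY = 1,
    MOR_LOCK_LOCKED_WITH_KEY = 2
};

/* efivarfs file content: 4-byte attributes, then the 1-byte lock state. */
enum mor_lock_state classify_mor_lock(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return MOR_LOCK_ABSENT;
    if (len != 5 || buf[4] > MOR_LOCK_LOCKED_WITH_KEY)
        return MOR_LOCK_MALFORMED;
    return (enum mor_lock_state)buf[4];
}

/* Read the variable from efivarfs; returns bytes read, 0 if absent or unreadable. */
size_t read_efivar(const char *path, uint8_t *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    size_t n;
    if (f == NULL)
        return 0;
    n = fread(buf, 1, cap, f);
    fclose(f);
    return n;
}

int main(void)
{
    static const char *names[] = { "absent (firmware does not report MOR Secure)",
        "malformed", "unlocked", "locked without key", "locked with key" };
    uint8_t buf[16];
    size_t n = read_efivar(MOR_LOCK_PATH, buf, sizeof buf);
    printf("MorLock: %s\n", names[classify_mor_lock(buf, n) + 2]);
    return 0;
}
```

On firmware affected by the standalone MM behaviour described above, this reports "absent", because the variable file does not exist.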