public inbox for devel@edk2.groups.io
From: "Ard Biesheuvel via groups.io" <ardb=kernel.org@groups.io>
To: devel@edk2.groups.io, rebecca@bsdio.com
Cc: Doug Flick <dougflick@microsoft.com>
Subject: Re: [edk2-devel] Debugging EFI Runtime crash when trying to update DBX for Secure Boot in Linux (fwupdmgr update)
Date: Tue, 3 Dec 2024 10:13:59 +0100
Message-ID: <CAMj1kXHPM5p5q+u0ha865-F3L+w+bNxWoX5A8zPehNZoLcOeew@mail.gmail.com>
In-Reply-To: <2622e377-6909-4a85-bea3-eedc8c43ced6@bsdio.com>

On Mon, 2 Dec 2024 at 22:25, Rebecca Cran <rebecca@bsdio.com> wrote:
>
> I've set up Secure Boot for my firmware, but I'm having problems when
> trying to have fwupdmgr install a DBX update.
>
> Since I've run into problems setting up arm64_DBXUpdate.bin from
> uefi.org or DefaultDbx.bin from a build of secureboot_objects I'm
> generating my own certificate and installing that as dbxDefault just so
> that the variable exists.
>
> I reset the entire SPI-NOR to default (i.e. deleting any existing
> variables), then enable Secure Boot in UiApp and boot openSUSE. When I
> run fwupdmgr update, I get:
>
> localhost:~ # fwupdmgr update
> Devices with no available firmware updates:
>   • System Firmware
>   • WD BLACK SN850X 4000GB
> ╔══════════════════════════════════════════════════════════════════════════════╗
> ║ Upgrade UEFI dbx from 0 to 26?                                               ║
> ╠══════════════════════════════════════════════════════════════════════════════╣
> ║ Insecure versions of the Microsoft Windows boot manager affected by Black    ║
> ║ Lotus were added to the list of forbidden signatures due to a discovered     ║
> ║ security problem.This updates the dbx to the latest release from Microsoft.  ║
> ║                                                                              ║
> ║ Before installing the update, fwupd will check for any affected executables  ║
> ║ in the ESP and will refuse to update if it finds any boot binaries signed    ║
> ║ with any of the forbidden signatures.Applying this update may also cause     ║
> ║ some Windows install media to not start correctly.                           ║
> ║                                                                              ║
> ╚══════════════════════════════════════════════════════════════════════════════╝
> Perform operation? [Y|n]: y
> Downloading…             [ - ]
>
> Decompressing… [***************************************]
>
> Authenticating… [***************************************]
>
> Waiting… [***************************************]
>
> Writing… [***************************************]
>
> Restarting device… [                                       ]
>
> Writing… [                                       ]
>
> Decompressing… [                                       ]
>
> Writing…                 [
>
> [   53.309930][  T360] [Firmware Bug]: Unable to handle paging request
> in EFI runtime service
>                                       ]
> failed to write data to efivarfs: Error writing to file descriptor:
> Input/output error
>
>
> And dmesg shows:
>
> [   53.309930] [    T360] [Firmware Bug]: Unable to handle paging
> request in EFI runtime service
> [   53.321038] [   T2422] ------------[ cut here ]------------
> [   53.321047] [   T2422] WARNING: CPU: 42 PID: 2422 at
> drivers/firmware/efi/runtime-wrappers.c:341 __efi_queue_work+0xe4/0x120
> [   53.321062] [   T2422] Modules linked in: af_packet nft_fib_inet
> nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4
> nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ebtable_nat
> ebtable_broute rfkill ip6table_nat ip6table_mangle ip6table_raw
> ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6
> nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security
> ebtable_filter ebtables ip6table_filter ip6_tables qrtr nf_tables
> iptable_filter binfmt_misc joydev cdc_subset cdc_ether usbnet cdc_acm
> mii nls_iso8859_1 nls_cp437 vfat fat snd_usb_audio snd_usbmidi_lib
> snd_hwdep snd_ump snd_rawmidi uas snd_seq_device usb_storage mc snd_pcm
> sd_mod scsi_dh_emc snd_timer scsi_dh_rdac scsi_dh_alua snd hid_generic
> sg soundcore scsi_mod usbhid scsi_common acpi_ipmi ipmi_ssif
> ipmi_devintf tiny_power_button igb arm_spe_pmu ipmi_msghandler button
> arm_cmn acpiphp_ampere_altra arm_dmc620_pmu arm_dsu_pmu cppc_cpufreq
> nvme_fabrics fuse nvme_keyring loop efi_pstore dm_mod nfnetlink
> dmi_sysfs ip_tables x_tables aes_ce_blk aes_ce_cipher
> [   53.321224] [   T2422]  crct10dif_ce xhci_pci xhci_pci_renesas
> polyval_ce polyval_generic ghash_ce gf128mul xhci_hcd sm4 sha2_ce nvme
> sha256_arm64 usbcore sha1_ce nvme_core sbsa_gwdt ast nvme_auth
> i2c_algo_bit usb_common xgene_hwmon gpio_dwapb btrfs blake2b_generic
> libcrc32c xor xor_neon raid6_pq i2c_dev efivarfs
> [   53.321279] [   T2422] CPU: 42 UID: 0 PID: 2422 Comm: fwupd Tainted:
> G          I        6.11.8-1-default #1 openSUSE Tumbleweed
> 1400000003000000474e5500ae3eced04b985462
> [   53.321290] [   T2422] Tainted: [I]=FIRMWARE_WORKAROUND
> [   53.321293] [   T2422] Hardware name: Adlink Ampere Altra Developer
> Platform/COM-HPC-Carrier, BIOS TianoCore 24.12.02-01 (SYS:
> 2.10.20230517) 12/02/2024
> [   53.321296] [   T2422] pstate: 60400009 (nZCv daif +PAN -UAO -TCO
> -DIT -SSBS BTYPE=--)
> [   53.321303] [   T2422] pc : __efi_queue_work+0xe4/0x120
> [   53.321308] [   T2422] lr : __efi_queue_work+0xd0/0x120
> [   53.321312] [   T2422] sp : ffff80008583b940
> [   53.321315] [   T2422] x29: ffff80008583b940 x28: ffff07ff8bcc4500
> x27: 0000000000000000
> [   53.321324] [   T2422] x26: 0000000000001208 x25: ffff07ff94859c00
> x24: 0000000000000067
> [   53.321332] [   T2422] x23: ffff07ff94859800 x22: ffff07ff94859c00
> x21: 0000000000001202
> [   53.321339] [   T2422] x20: ffffaa255f9655a8 x19: ffffaa255f965548
> x18: 0000000000000001
> [   53.321345] [   T2422] x17: ffff07ff90946340 x16: ffffaa255d6b3198
> x15: 000000000000037d
> [   53.321352] [   T2422] x14: 0000000000000001 x13: 0000000000000000
> x12: 0000000000000800
> [   53.321359] [   T2422] x11: 071c71c71c71c71c x10: 0000000000001bc0 x9
> : ffffaa255da39d18
> [   53.321366] [   T2422] x8 : ffff07ff8bcc6120 x7 : 0000000000000000 x6
> : 00000000000003e8
> [   53.321372] [   T2422] x5 : 00000000410fd0c0 x4 : 0000000000300001 x3
> : 0000000000000000
> [   53.321379] [   T2422] x2 : 0000000000000000 x1 : 8000000000000015 x0
> : 8000000000000015
> [   53.321385] [   T2422] Call trace:
> [   53.321388] [   T2422]  __efi_queue_work+0xe4/0x120
> [   53.321392] [   T2422]  virt_efi_set_variable+0x74/0xe0
> [   53.321398] [   T2422]  efivar_set_variable_locked+0x7c/0x100
> [   53.321402] [   T2422]  efivar_entry_set_get_size+0x9c/0x170
> [efivarfs 1400000003000000474e55008e4f4f0ee8473f7a]
> [   53.321414] [   T2422]  efivarfs_file_write+0x140/0x2e0 [efivarfs
> 1400000003000000474e55008e4f4f0ee8473f7a]
> [   53.321421] [   T2422]  vfs_write+0xdc/0x370
> [   53.321427] [   T2422]  ksys_write+0x78/0x120
> [   53.321431] [   T2422]  __arm64_sys_write+0x24/0x40
> [   53.321435] [   T2422]  invoke_syscall+0x6c/0x100
> [   53.321443] [   T2422]  el0_svc_common.constprop.0+0xc8/0xf0
> [   53.321450] [   T2422]  do_el0_svc+0x24/0x38
> [   53.321457] [   T2422]  el0_svc+0x3c/0x170
> [   53.321464] [   T2422]  el0t_64_sync_handler+0x120/0x130
> [   53.321470] [   T2422]  el0t_64_sync+0x1a8/0x1b0
> [   53.321475] [   T2422] ---[ end trace 0000000000000000 ]---
> [   53.321489] [   T2422] efi: EFI Runtime Services are disabled!
>
>
> I have no idea how to go about debugging why the SetVariable call is
> causing the crash. Is it likely to be the way I've got dbxDefault set
> up, or does anyone know how I could debug it further?
>
>

This is definitely going to be tricky to debug.

If this firmware does not have the Altra/eMAG bug, i.e., if you *don't* see

EFI stub: Working around broken SetVirtualAddressMap()

on the console right before Linux boots, the runtime services will be
mapped 1:1 wrt their boot time mappings, and so it should be possible
to load the boot time symbols and use them for debugging SetVariable()
at runtime.

Alternatively, if you have multiple UARTs, you could use a separate
one for DEBUG output and keep it enabled while running under the OS.
You will need to create a runtime mapping for it in this case, similar
to e.g., how the PL031 driver creates a mapping for its MMIO registers
so that the GetTime boot services can access them. Note that you will
need to hide this UART from the OS description too.
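
The console check described in the reply above, as an added example that is not part of the original message or of any project's code: a shell triage of a captured console log that reports which runtime service faulted and whether the boot-time (1:1) symbols should still apply. It assumes the serial console was saved to a file covering both the EFI stub output and the kernel messages; the function names are hypothetical and the sample logs are constructed from lines quoted in this thread.

```shell
#!/bin/sh
# Added example: triage a captured console log for the markers discussed above.

# "remapped" if the EFI stub printed its SetVirtualAddressMap() workaround,
# "identity" if not (runtime services keep their 1:1 boot-time mapping).
rt_mapping() {
    if grep -qF 'EFI stub: Working around broken SetVirtualAddressMap()' "$1"; then
        echo remapped
    else
        echo identity
    fi
}

# First virt_efi_* wrapper found in the call trace, e.g. virt_efi_set_variable.
faulting_service() {
    sed -n 's/.*[[:space:]]\(virt_efi_[a-z_]*\)+0x.*/\1/p' "$1" | head -n 1
}

# "disabled" once the kernel reports it has turned runtime services off.
rt_state() {
    if grep -qF 'efi: EFI Runtime Services are disabled!' "$1"; then
        echo disabled
    else
        echo enabled
    fi
}

# One-line summary for a log file.
triage() {
    grep -qF '[Firmware Bug]: Unable to handle paging request in EFI runtime service' "$1" \
        || { echo "no-fault"; return 0; }
    svc=$(faulting_service "$1")
    echo "fault service=${svc:-unknown} mapping=$(rt_mapping "$1") runtime=$(rt_state "$1")"
}

# Constructed sample: three lines from the dmesg output quoted above, unwrapped.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/identity.log" <<'EOF'
[   53.309930] [    T360] [Firmware Bug]: Unable to handle paging request in EFI runtime service
[   53.321392] [   T2422]  virt_efi_set_variable+0x74/0xe0
[   53.321489] [   T2422] efi: EFI Runtime Services are disabled!
EOF
# Constructed variant: the same fault preceded by the stub's workaround message.
{ echo 'EFI stub: Working around broken SetVirtualAddressMap()'
  cat "$SAMPLE_DIR/identity.log"; } > "$SAMPLE_DIR/remapped.log"

triage "$SAMPLE_DIR/identity.log"
triage "$SAMPLE_DIR/remapped.log"
```

A result of `mapping=identity` only means the workaround line was not found in the file, so the capture has to start before the stub hands over to the kernel for that answer to be meaningful.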

