From: Maximilian Luz <luzmaximilian@gmail.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Bjorn Andersson <andersson@kernel.org>,
Andy Gross <agross@kernel.org>,
Konrad Dybcio <konrad.dybcio@linaro.org>,
Ilias Apalodimas <ilias.apalodimas@linaro.org>,
Srinivas Kandagatla <srinivas.kandagatla@linaro.org>,
Sudeep Holla <sudeep.holla@arm.com>,
Johan Hovold <johan@kernel.org>,
Steev Klimaszewski <steev@kali.org>,
linux-arm-msm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v5 3/3] firmware: Add support for Qualcomm UEFI Secure Application
Date: Thu, 3 Aug 2023 19:09:34 +0200 [thread overview]
Message-ID: <b8b82aee-45a5-5e56-1737-4ec78f6279c2@gmail.com> (raw)
In-Reply-To: <CAMj1kXHOaEuP2Wds9ZU4RLx9oKhthvE=yR-Ju_Ka2boqTmTYNw@mail.gmail.com>
On 8/3/23 17:44, Ard Biesheuvel wrote:
> On Sun, 30 Jul 2023 at 18:19, Maximilian Luz <luzmaximilian@gmail.com> wrote:
[...]
>> +/* -- Driver setup. --------------------------------------------------------- */
>> +
>> +static int qcom_uefisecapp_probe(struct auxiliary_device *aux_dev,
>> + const struct auxiliary_device_id *aux_dev_id)
>> +{
>> + struct qcuefi_client *qcuefi;
>> + int status;
>> +
>> + qcuefi = devm_kzalloc(&aux_dev->dev, sizeof(*qcuefi), GFP_KERNEL);
>> + if (!qcuefi)
>> + return -ENOMEM;
>> +
>> + qcuefi->client = container_of(aux_dev, struct qseecom_client, aux_dev);
>> +
>> + auxiliary_set_drvdata(aux_dev, qcuefi);
>> + status = qcuefi_set_reference(qcuefi);
>> + if (status)
>> + return status;
>> +
>> + status = efivars_register(&qcuefi->efivars, &qcom_efivar_ops);
>
> Will this also work if the EFI runtime services were already
> registered by the time we reach this point?
That's actually a good question. In short: No. However, let me explain
that a bit:
First, we assume that we're the only other non-generic provider
(arguably, multiple non-generic providers don't make much sense on a
single platform anyway, so I'd say in that case it's okay to fail here).
Second, we assume that the generic ops are not going to be registered at
all on the platforms that this implementation is used. In particular, on
the platforms I've tested and heard reports from so far, "standard"
efivars either aren't actively advertised as "supported" or they return
EFI_UNSUPPORTED for all calls. So we assume that either the check in
efisubsys_init() or in generic_ops_supported() prevents registration
of the generic ops.
Further, I'd hope that the uefisecapp would not be loaded if generic ops
would be supported on such a platform, thus preventing instantiation of
the respective client device.
So the only issue that I can see is that if uefisecapp is loaded and
generic ops are supported, we would need a way to choose one over the
other. But I think that is fairly unlikely to happen and I think it
would probably be best to sort that out then (e.g. by refusing to load
this new driver with some additional check).
Apart from that case, there should not be any timing issues that could
cause registration to fail spuriously.
Regards
Max
next prev parent reply other threads:[~2023-08-03 17:10 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-30 16:19 [PATCH v5 0/3] firmware: Add support for Qualcomm UEFI Secure Application Maximilian Luz
2023-07-30 16:19 ` [PATCH v5 1/3] lib/ucs2_string: Add UCS-2 strscpy function Maximilian Luz
2023-08-03 15:17 ` Bjorn Andersson
2023-08-04 8:18 ` Kees Cook
2023-08-04 19:23 ` Maximilian Luz
2023-07-30 16:19 ` [PATCH v5 2/3] firmware: qcom_scm: Add support for Qualcomm Secure Execution Environment SCM interface Maximilian Luz
2023-07-30 18:04 ` Maximilian Luz
2023-07-30 18:47 ` Maximilian Luz
2023-08-04 16:48 ` Johan Hovold
2023-08-04 20:11 ` Maximilian Luz
2023-08-07 8:46 ` Johan Hovold
2023-07-30 16:19 ` [PATCH v5 3/3] firmware: Add support for Qualcomm UEFI Secure Application Maximilian Luz
2023-08-03 15:44 ` Ard Biesheuvel
2023-08-03 17:09 ` Maximilian Luz [this message]
2023-08-04 10:56 ` Ard Biesheuvel
2023-08-04 16:54 ` Johan Hovold
2023-08-04 19:44 ` Maximilian Luz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b8b82aee-45a5-5e56-1737-4ec78f6279c2@gmail.com \
--to=luzmaximilian@gmail.com \
--cc=agross@kernel.org \
--cc=andersson@kernel.org \
--cc=ardb@kernel.org \
--cc=ilias.apalodimas@linaro.org \
--cc=johan@kernel.org \
--cc=konrad.dybcio@linaro.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=srinivas.kandagatla@linaro.org \
--cc=steev@kali.org \
--cc=sudeep.holla@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox