From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
Jeffrey Hugo <jhugo@codeaurora.org>,
Bjorn Andersson <bjorn.andersson@linaro.org>,
Shawn Guo <shawn.guo@linaro.org>, Rob Clark <robdclark@gmail.com>,
Leif Lindholm <leif@nuviainc.com>,
linux-arm-msm@vger.kernel.org
Subject: [PATCH] efi: stub: override RT_PROP table supported mask based on EFI variable
Date: Sat, 6 Mar 2021 12:35:19 +0100
Message-ID: <20210306113519.294287-1-ardb@kernel.org>

Allow EFI systems to override the set of supported runtime services
declared via the RT_PROP table, by checking for the existence of an
'OverrideSupported' EFI variable of the appropriate size under the
RT_PROP table GUID, and if it does, combine the supported mask using
logical AND. (This means the override can only remove support, not
add it back).
Cc: Jeffrey Hugo <jhugo@codeaurora.org>,
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Shawn Guo <shawn.guo@linaro.org>
Cc: Rob Clark <robdclark@gmail.com>
Cc: Leif Lindholm <leif@nuviainc.com>
Cc: linux-arm-msm@vger.kernel.org
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
drivers/firmware/efi/libstub/efi-stub.c | 37 ++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index 26e69788f27a..a23d95039b2a 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -96,6 +96,41 @@ static void install_memreserve_table(void)
efi_err("Failed to install memreserve config table!\n");
}
+static void check_rt_properties_table_override(void)
+{
+ static const efi_guid_t rt_prop_guid = EFI_RT_PROPERTIES_TABLE_GUID;
+ efi_rt_properties_table_t *table;
+ unsigned long size = sizeof(u32);
+ efi_status_t status;
+ u32 override;
+
+ status = get_efi_var(L"OverrideSupported", &rt_prop_guid, NULL, &size, &override);
+ if (status != EFI_SUCCESS || size != sizeof(override))
+ return;
+
+ table = get_efi_config_table(rt_prop_guid);
+ if (!table) {
+ /* no table exists yet - allocate a new one */
+ status = efi_bs_call(allocate_pool, EFI_RUNTIME_SERVICES_DATA,
+ sizeof(*table), (void **)&table);
+ if (status != EFI_SUCCESS)
+ return;
+ table->version = EFI_RT_PROPERTIES_TABLE_VERSION;
+ table->length = sizeof(*table);
+ table->runtime_services_supported = EFI_RT_SUPPORTED_ALL;
+
+ status = efi_bs_call(install_configuration_table,
+ (efi_guid_t *)&rt_prop_guid, table);
+ if (status != EFI_SUCCESS) {
+ efi_warn("Failed to install RT_PROP override table\n");
+ return;
+ }
+ }
+
+ efi_info("Applying RT_PROP table override from EFI variable\n");
+ table->runtime_services_supported &= override;
+}
+
static u32 get_supported_rt_services(void)
{
const efi_rt_properties_table_t *rt_prop_table;
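
Review bot: In check_rt_properties_table_override(), the path that returns after "Failed to install RT_PROP override table" leaves the buffer obtained from allocate_pool allocated; free it with efi_bs_call(free_pool, table) before returning. The get_efi_var() call passes NULL for the attributes pointer, so the stub accepts 'OverrideSupported' whatever its attributes are; either read the attributes and check them, or state in a comment which attributes are expected. When get_efi_config_table() returns an existing table, the mask is ANDed into it in place without looking at table->version or table->length, which deserves at least a comment explaining why that is safe. A comment above the function documenting the variable name, its u32 size and the AND-only semantics from the commit message would also help, since nothing else in this hunk describes the interface.
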
@@ -210,6 +245,8 @@ efi_status_t __efiapi efi_pe_entry(efi_handle_t handle,
secure_boot = efi_get_secureboot();
+ check_rt_properties_table_override();
+
/*
* Unauthenticated device tree data is a security hazard, so ignore
* 'dtb=' unless UEFI Secure Boot is disabled. We assume that secure
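
Review bot: The new call in efi_pe_entry() sits directly after secure_boot is computed but does not consult it, so the override is applied in every Secure Boot state, right above a comment explaining that unauthenticated dtb= input is ignored unless Secure Boot is disabled. Please add a short comment at the call site saying why this input does not need the same gating (the mask is only ever combined with AND, so it can remove runtime services but not add them), or pass secure_boot in and decide there.
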
--
2.30.1