Re: [PATCH] efi: stub: override RT_PROP table supported mask based on EFI variable

[Heinrich Schuchardt <xypron.glpk@gmx.de>]

On 16.03.21 10:33, Ilias Apalodimas wrote:
> Hi Shawn,
>
>>>>>>> So an installer either needs to set the EFI variable, or pass
>>>>>>> efi=novamap on the first boot. Note that there are no arm64 EFI
>>>>>>> systems known where efi=novamap causes problems. In fact, I would
>>>>>>> prefer to stop using SetVirtualAddressMap() altogether, as it does not
>>>>>>> provide any benefit whatsoever. So perhaps we should make efi=novamap
>>>>>>> the default and be done with it.
>>>>>>>
>>>>>>> Broken poweroff is hardly a showstopper for an installer, given that
>>>>>>> we cannot even install GRUB correctly.
>>>>>>>
>>>>>>> In summary, I am more than happy to collaborate constructively on this
>>>>>>> (which is why I wrote the patch), but I don't think we're at a point
>>>>>>> yet where this is the only thing standing in our way when it comes to
>>>>>>> a smooth out-of-the-box Linux installation experience.
>>>>>>
>>>>>> There might be more to be done for getting a smooth Linux installation
>>>>>> experience.  But IMHO, this `OverrideSupported` thing is definitely
>>>>>> a big step to that.
>>>>>>
>>>>>
>>>>> So the problem here seems to be that grub-install (or efibootmgr)
>>>>> tolerates efivarfs being absent entirely, but bails out if it exists
>>>>> but gives an error when trying to access it, right?
>>>>
>>>> Yes, with EFI variables runtime service marked as unsupported,
>>>> efibootmgr will just exit on efi_variables_supported() check [1] in
>>>> a way that its parent process, i.e. grub-install, doesn't take as an
>>>> error.  But otherwise, efibootmgr will go much further and exit with
>>>> a real error when trying to access efivars.
>>>>
>>>
>>> OK, so I suggest we fix efibootmgr, by extending the
>>> efi_variables_supported() check to perform a GetVariable() call on an
>>> arbitrary variable (e.g., BootOrder),
>>
>> Hmm, I'm not sure we should ask more from user space, as it's already
>> been doing the right thing, and efi_variables_supported() is proved to
>> work properly with any sane low-level software (kernel + firmware),
>> either EFI variables service is supported or not.  That said, IMHO,

No, there is not one but there are three EFI variable services.

GetVariable() available after ExitBootServices() and SetVariable() not
available() is completely legal according to the current UEFI specification.

>> right now the low-level software on Snapdragon laptops is insane, i.e.
>> the unsupported/broken EFI runtime services are not communicated to
>> user space properly in established way.

Please, describe:

* Which UEFI version is reported by your Snapdragon laptop?
* What is the observed behavior?

>
> But the EFI_UNSUPPORTED is an error that's allowed from the spec.
> Yes the sane thing to do is not expose it at all, but it's not violating
> any spec by doing so.
> So why shouldn't a userspace application be able to handle all return codes
> explicitly and instead treat them as a single error? And when that happens why
> should the kernel mask that error out for it?

The runtime services must always be callable even they can only report
EFI_UNSUPPORTED.

Only since UEFI specification 2.8 errata B do we have the
EFI_RT_PROPERTIES_TABLE which tells us which runtime services are
implemented.

UEFI 2.8 B makes it clear that any runtime service may be reported as
unsupported. EFI applications are expected to cope with a service being
unavailable.

For embedded systems we have the EBBR specification which specifies that
the SetVariable() runtime service is not required to be implemented at
runtime
(https://github.com/ARM-software/ebbr/blob/main/source/chapter2-uefi.rst#uefi-runtime-services).
Ony SetVirtualAddressMap() and ConvertPointer() are required by the EBBR.

Software should not mess with EFI variables without explicit consent by
the user. In this respect GRUB is a real nuisance. Given a Windows
computer installing GRUB changes the BootOrder variable. This results in
a system that directly starts into GRUB instead of Windows. GRUB
provides a menu entry for Windows that cannot boot because it conflicts
with Windows measured boot.

Best regards

Heinrich

>
> Thanks
> /Ilias
>>
>> Shawn
>>
>>> and treat EFI_UNSUPPORTED as a
>>> special case that means that carrying on is pointless.
>>>
>>> (but someone please confirm that the snapdragon efi firmware does
>>> return EFI_UNSUPPORTED and not some other return value when calling
>>> GetVariable() from under the OS)