From: Mika Westerberg
Date: Thu, 11 Nov 2021 12:32:56 +0200
To: Hans-Gert Dahmen
Cc: Mauro Lima, Andy Shevchenko, Greg KH, "akpm@linux-foundation.org", "linux-kernel@vger.kernel.org", Philipp Deppenwiese, Richard Hughes, "platform-driver-x86@vger.kernel.org"
Subject: Re: [PATCH] firmware: export x86_64 platform flash bios region via sysfs
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo

Hi,

On Thu, Nov 11, 2021 at 09:59:32AM +0100, Hans-Gert Dahmen wrote:
> > I think we discussed this previously already but in any case, instead of
> > removing the tag from the "main" driver, we can make certain "safe"
> > parts of the driver available without that tag. That would allow you to
> > read the things the controller exposes and allow distros to safely include
> > the driver too. By "safe" parts, I mean the information available
> > through the SPI flash controller without actually sending commands to
> > the flash chip. I think this is the information everybody (on this
> > thread at least) is interested in. Unless I'm mistaken - I did not check
>
> Yes you are mistaken. My patch is about safely reading the BIOS/UEFI
> binary on every past and future x86_64 system. There are tools out
> there that use the interface my patch uses and they can not work any
> longer when /dev/mem is locked down with SecureBoot enabled. The
> tools, like fwupd, should work out-of-the-box on the typical
> distribution. During this discussion we were told that my patch is not
> welcome and that we have to work with you to achieve the same. So I'm
> curious to hear how that can be done.

OK, I see from your patch that it uses the direct mapped read-only
region to read this data.

Do we know what information exactly fwupd needs? I mean exposing all of
this might not be a good idea from a security perspective (but I'm not an
expert). However, we can perhaps expose some of it through intel-spi,
and make that work so that distros can enable it safely.

My concern with removing the DANGEROUS tag is that we end up bricking yet
another Lenovo laptop by accident. Avoiding that would give me more
peace of mind :)