lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 13 Sep 2019 19:54:35 +0100
From:   Ard Biesheuvel <ard.biesheuvel@...aro.org>
To:     "Bradford, Robert" <robert.bradford@...el.com>
Cc:     "tglx@...utronix.de" <tglx@...utronix.de>,
        "jgross@...e.com" <jgross@...e.com>,
        "riel@...riel.com" <riel@...riel.com>,
        "x86@...nel.org" <x86@...nel.org>, "bp@...en8.de" <bp@...en8.de>,
        "hpa@...or.com" <hpa@...or.com>,
        "mingo@...hat.com" <mingo@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "jian-hong@...lessm.com" <jian-hong@...lessm.com>
Subject: Re: [PATCH] x86/reboot: Avoid EFI reboot when not running on EFI

On Thu, 29 Aug 2019 at 07:34, Bradford, Robert
<robert.bradford@...el.com> wrote:
>
> On Thu, 2019-08-29 at 14:18 +0200, Thomas Gleixner wrote:
> > On Thu, 29 Aug 2019, Rob Bradford wrote:
> >
> > CC+ Ard
> >
> > > Replace the check using efi_runtime_disabled() which only checks if
> > > EFI
> > > runtime was disabled on the kernel command line with a call to
> > > efi_enabled(EFI_RUNTIME_SERVICES) to check if EFI runtime services
> > > are
> > > available.
> > >
> > > In the situation where the kernel was booted without an EFI
> > > environment
> > > then only efi_enabled(EFI_RUNTIME_SERVICES) correctly represents
> > > that no
> > > EFI is available. Setting "noefi" or "efi=noruntime" on the
> > > commandline
> > > continue to have the same effect as
> > > efi_enabled(EFI_RUNTIME_SERVICES)
> > > will return false.
> > >
> > >
> > > Signed-off-by: Rob Bradford <robert.bradford@...el.com>
> > > ---
> > >  arch/x86/kernel/reboot.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
> > > index 09d6bded3c1e..0b0a7fccdb00 100644
> > > --- a/arch/x86/kernel/reboot.c
> > > +++ b/arch/x86/kernel/reboot.c
> > > @@ -500,7 +500,7 @@ static int __init reboot_init(void)
> > >      */
> > >     rv = dmi_check_system(reboot_dmi_table);
> > >
> > > -   if (!rv && efi_reboot_required() && !efi_runtime_disabled())
> > > +   if (!rv && efi_reboot_required() &&
> > > efi_enabled(EFI_RUNTIME_SERVICES))

This change by itself seems correct to me - efi_runtime_disabled()
only gives you whether EFI runtime services were disabled explicitly
command line rather than whether they are available at all.


> >
> > Why is efi_reboot_required() set at all in that situation?
> >
> Hi Thomas,
>
> This platform uses HW Reduced ACPI (
> https://github.com/intel/cloud-hypervisor) but also supports direct
> kernel boot without EFI.
>
> /*
>  * For most modern platforms the preferred method of powering off is
> via
>  * ACPI. However, there are some that are known to require the use of
>  * EFI runtime services and for which ACPI does not work at all.
>  *
>  * Using EFI is a last resort, to be used only if no other option
>  * exists.
>  */
> bool efi_reboot_required(void)
> {
>         if (!acpi_gbl_reduced_hardware)
>                 return false;
>
>         efi_reboot_quirk_mode = EFI_RESET_WARM;
>         return true;
> }
>
> This is a hardware workaround that assumes that all ACPI HW reduced
> platforms do not support ACPI reset:
>

I'm not that familiar with the situation on x86, but I did discuss
this with the MS Windows engineers back in April, and their policy is
to strongly prefer ACPI reboot, and so that is most likely to work on
arbitrary x86 hardware which was built to run Windows.

So I do think the patch below is overly broad, given that the ACPI
spec is unambiguous about the fact the FADT reset is also covered by
H/W reduced ACPI.

However, I do share Rob's reservation given how quirky x86 hardware
can be in this respect.

TL;DR:

Acked-by: Ard Biesheuvel <ard.biesheuvel@...aro.org>



> commit 44be28e9dd9880dca3e2cbf7a844f2114e67f2cb
> Author: Matt Fleming <matt.fleming@...el.com>
> Date:   Fri Jun 13 12:39:55 2014 +0100
>
>     x86/reboot: Add EFI reboot quirk for ACPI Hardware Reduced flag
>
>     It appears that the BayTrail-T class of hardware requires EFI in
> order
>     to powerdown and reboot and no other reliable method exists.
>
>     This quirk is generally applicable to all hardware that has the
> ACPI
>     Hardware Reduced bit set, since usually ACPI would be the preferred
>     method.
>
>     Cc: Len Brown <len.brown@...el.com>
>     Cc: Mark Salter <msalter@...hat.com>
>     Cc: "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>
>     Signed-off-by: Matt Fleming <matt.fleming@...el.com>
>
> I'm reluctant to change the behaviour of efi_reboot_required() as it
> might break older hardware whereas checking if we have an EFI runtime
> is safer.
>
> Rob

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ