lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 8 Feb 2022 13:55:11 +0000
From:   Aditya Garg <gargaditya08@...e.com>
To:     Ard Biesheuvel <ardb@...nel.org>, Jeremy Kerr <jk@...abs.org>,
        Matthew Garrett <mjg59@...f.ucam.org>
CC:     Orlando Chamberlain <redecorating@...tonmail.com>,
        Aun-Ali Zaidi <admin@...eit.net>,
        "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [BUG SEVERE] Failure to enable EFI Runtime services on T2 Macs

On using some specific kernel configuration, on Macs with the T2 Security chip, EFI Runtime services fail to start. Some logs which may be useful are as follows :-

Feb 08 17:11:11 MacBook kernel: [Firmware Bug]: Page fault caused by firmware at PA: 0xffffa79840068000
Feb 08 17:11:11 MacBook kernel: WARNING: CPU: 11 PID: 150 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xd0
Feb 08 17:11:11 MacBook kernel: Modules linked in:
Feb 08 17:11:11 MacBook kernel: CPU: 11 PID: 150 Comm: kworker/u24:1 Not tainted 5.15.19-t2 #2
Feb 08 17:11:11 MacBook kernel: Hardware name: Apple Inc. MacBookPro16,1/Mac-E1008331FDC96864, BIOS 1715.81.2.0.0 (iBridge: 19.16.10744.0.0,0) 01/06/2022
Feb 08 17:11:11 MacBook kernel: Workqueue: efi_rts_wq efi_call_rts
Feb 08 17:11:11 MacBook kernel: RIP: 0010:efi_crash_gracefully_on_page_fault+0x50/0xd0
Feb 08 17:11:11 MacBook kernel: Code: fc e8 b4 fb 02 00 49 81 fc ff 0f 00 00 76 08 48 3d 30 9e dc a8 74 04 41 5c 5d c3 4c 89 e6 48 c7 c7 20 c5 1b a8 e8 9f 7f bb 00 <0f> 0b 83 3d 57 56 12 02 0a 0f 84 89 6f bb 00 e8 9c 1a 00 00 48 8b
Feb 08 17:11:11 MacBook kernel: RSP: 0000:ffffa79840592a08 EFLAGS: 00010086
Feb 08 17:11:11 MacBook kernel: RAX: 0000000000000000 RBX: ffffa79840592a48 RCX: ffffffffa857a088
Feb 08 17:11:11 MacBook kernel: RDX: 00000000ffffdfff RSI: ffffa79840592848 RDI: 0000000000000000
Feb 08 17:11:11 MacBook kernel: RBP: ffffa79840592a10 R08: 0000000000000003 R09: 0000000000000001
Feb 08 17:11:11 MacBook kernel: R10: 0000000000ffff10 R11: 000000000000000f R12: ffffa79840068000
Feb 08 17:11:11 MacBook kernel: R13: 0000000000000000 R14: ffffa79840592b98 R15: ffff897a816a3200
Feb 08 17:11:11 MacBook kernel: FS:  0000000000000000(0000) GS:ffff897deecc0000(0000) knlGS:0000000000000000
Feb 08 17:11:11 MacBook kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 08 17:11:11 MacBook kernel: CR2: ffffa79840068000 CR3: 00000001001ea002 CR4: 00000000003706e0
Feb 08 17:11:11 MacBook kernel: Call Trace:
Feb 08 17:11:11 MacBook kernel:  <TASK>
Feb 08 17:11:11 MacBook kernel:  page_fault_oops+0x4f/0x2b0
Feb 08 17:11:11 MacBook kernel:  ? search_bpf_extables+0x63/0x80
Feb 08 17:11:11 MacBook kernel:  ? search_exception_tables+0x5b/0x60
Feb 08 17:11:11 MacBook kernel:  kernelmode_fixup_or_oops+0x9e/0x110
Feb 08 17:11:11 MacBook kernel:  __bad_area_nosemaphore+0x155/0x190
Feb 08 17:11:11 MacBook kernel:  bad_area_nosemaphore+0x16/0x20
Feb 08 17:11:11 MacBook kernel:  do_kern_addr_fault+0x62/0x80
Feb 08 17:11:11 MacBook kernel:  exc_page_fault+0xd8/0x160
Feb 08 17:11:11 MacBook kernel:  asm_exc_page_fault+0x1e/0x30
Feb 08 17:11:11 MacBook kernel: RIP: 0010:0xfffffffeefc440c5
Feb 08 17:11:11 MacBook kernel: Code: 31 c9 48 29 f9 48 83 e1 0f 74 0c 4c 39 c1 49 0f 47 c8 49 29 c8 f3 a4 4c 89 c1 49 83 e0 0f 48 c1 e9 04 74 2c f3 0f 7f 44 24 18 <f3> 0f 6f 06 66 0f e7 07 48 83 c6 10 48 83 c7 10 e2 ee 0f ae f0 66
Feb 08 17:11:11 MacBook kernel: RSP: 0000:ffffa79840592c48 EFLAGS: 00010286
Feb 08 17:11:11 MacBook kernel: RAX: fffffffeefc92256 RBX: ffffffffa82127ba RCX: 0000000000000032
Feb 08 17:11:11 MacBook kernel: RDX: ffffa79840067d20 RSI: ffffa79840067ffa RDI: fffffffeefc92530
Feb 08 17:11:11 MacBook kernel: RBP: ffffa79840592cd0 R08: 000000000000000d R09: ffffa79840068326
Feb 08 17:11:11 MacBook kernel: R10: fffffffeefc8e018 R11: 0000000000085dc9 R12: 0000000000000000
Feb 08 17:11:11 MacBook kernel: R13: ffffa79840067db0 R14: ffffa79840067d01 R15: 0000000000000607
Feb 08 17:11:11 MacBook kernel:  ? __efi_call+0x28/0x30
Feb 08 17:11:11 MacBook kernel:  ? switch_mm+0x20/0x40
Feb 08 17:11:11 MacBook kernel:  ? efi_call_rts+0x189/0x6f0
Feb 08 17:11:11 MacBook kernel:  ? process_one_work+0x22b/0x3d0
Feb 08 17:11:11 MacBook kernel:  ? worker_thread+0x4d/0x3f0
Feb 08 17:11:11 MacBook kernel:  ? process_one_work+0x3d0/0x3d0
Feb 08 17:11:11 MacBook kernel:  ? kthread+0x12a/0x150
Feb 08 17:11:11 MacBook kernel:  ? set_kthread_struct+0x40/0x40
Feb 08 17:11:11 MacBook kernel:  ? ret_from_fork+0x22/0x30
Feb 08 17:11:11 MacBook kernel:  </TASK>
Feb 08 17:11:11 MacBook kernel: ---[ end trace b0e21a194e80a466 ]---
Feb 08 17:11:11 MacBook kernel: efi: Froze efi_rts_wq and disabled EFI Runtime Services
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get size: 0x8000000000000015
Feb 08 17:11:11 MacBook kernel: integrity: MODSIGN: Couldn't get UEFI db list
Feb 08 17:11:11 MacBook kernel: efi: EFI Runtime Services are disabled!
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get size: 0x8000000000000015
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get UEFI dbx list
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get size: 0x8000000000000015
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get mokx list
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get size: 0x8000000000000015
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get UEFI MokListRT
Feb 08 17:11:11 MacBook kernel: ima: No TPM chip found, activating TPM-bypass!
Feb 08 17:11:11 MacBook kernel: Loading compiled-in module X.509 certificates
Feb 08 17:11:11 MacBook kernel: Loaded X.509 cert 'Build time autogenerated kernel key: 4fe3a063ebcd82317099edaaf5ee8e3719392e6e'
Feb 08 17:11:11 MacBook kernel: ima: Allocated hash algorithm: sha1
Feb 08 17:11:11 MacBook kernel: ima: No architecture policies found
Feb 08 17:11:11 MacBook kernel: evm: Initialising EVM extended attributes:
Feb 08 17:11:11 MacBook kernel: evm: security.selinux
Feb 08 17:11:11 MacBook kernel: evm: security.SMACK64
Feb 08 17:11:11 MacBook kernel: evm: security.SMACK64EXEC
Feb 08 17:11:11 MacBook kernel: evm: security.SMACK64TRANSMUTE
Feb 08 17:11:11 MacBook kernel: evm: security.SMACK64MMAP
Feb 08 17:11:11 MacBook kernel: evm: security.apparmor
Feb 08 17:11:11 MacBook kernel: evm: security.ima
Feb 08 17:11:11 MacBook kernel: evm: security.capability
Feb 08 17:11:11 MacBook kernel: evm: HMAC attrs: 0x1
Feb 08 17:11:11 MacBook kernel: PM:   Magic number: 10:872:680
Feb 08 17:11:11 MacBook kernel: RAS: Correctable Errors collector initialized.
Feb 08 17:11:11 MacBook kernel: Freeing unused decrypted memory: 2036K
Feb 08 17:11:11 MacBook kernel: Freeing unused kernel image (initmem) memory: 2952K
Feb 08 17:11:11 MacBook kernel: Write protecting the kernel read-only data: 24576k
Feb 08 17:11:11 MacBook kernel: Freeing unused kernel image (text/rodata gap) memory: 2036K
Feb 08 17:11:11 MacBook kernel: Freeing unused kernel image (rodata/data gap) memory: 540K
Feb 08 17:11:11 MacBook kernel: x86/mm: Checked W+X mappings: passed, no W+X pages found.
Feb 08 17:11:11 MacBook kernel: x86/mm: Checking user space page tables
Feb 08 17:11:11 MacBook kernel: x86/mm: Checked W+X mappings: passed, no W+X pages found.
Feb 08 17:11:11 MacBook kernel: Run /init as init process
Feb 08 17:11:11 MacBook kernel:   with arguments:
Feb 08 17:11:11 MacBook kernel:     /init
Feb 08 17:11:11 MacBook kernel:     splash
Feb 08 17:11:11 MacBook kernel:   with environment:
Feb 08 17:11:11 MacBook kernel:     HOME=/
Feb 08 17:11:11 MacBook kernel:     TERM=linux
Feb 08 17:11:11 MacBook kernel:     BOOT_IMAGE=/boot/vmlinuz-5.15.19-t2
Feb 08 17:11:11 MacBook kernel: ACPI: video: [Firmware Bug]: ACPI(GFX0) defines _DOD but not _DOS
Feb 08 17:11:11 MacBook kernel: ACPI: video: Video Device [GFX0] (multi-head: yes  rom: no  post: no)


The kernel configuration where this bug is seen is on https://github.com/t2linux/T2-Ubuntu-Kernel/blob/Mainline/templates/default-config

I had an old kernel configuration, where I did not face this issue and was easily able to write to the NVRAM. That kernel configuration is on https://github.com/t2linux/T2-Ubuntu-Kernel/blob/b5c20b8c7689251dd943e22dbe02cef9020db8d1/templates/default-config

I believe these lines in the kernel config, which are present in the former but absent in the latter are causing the issue :-


CONFIG_SECURITY_LANDLOCK=y
CONFIG_INTEGRITY=y
CONFIG_INTEGRITY_SIGNATURE=y
CONFIG_INTEGRITY_ASYMMETRIC_KEYS=y
CONFIG_INTEGRITY_TRUSTED_KEYRING=y
CONFIG_INTEGRITY_PLATFORM_KEYRING=y
CONFIG_LOAD_UEFI_KEYS=y
CONFIG_INTEGRITY_AUDIT=y
CONFIG_IMA=y
CONFIG_IMA_MEASURE_PCR_IDX=10
CONFIG_IMA_LSM_RULES=y
# CONFIG_IMA_TEMPLATE is not set
CONFIG_IMA_NG_TEMPLATE=y
# CONFIG_IMA_SIG_TEMPLATE is not set
CONFIG_IMA_DEFAULT_TEMPLATE="ima-ng"
CONFIG_IMA_DEFAULT_HASH_SHA1=y
# CONFIG_IMA_DEFAULT_HASH_SHA256 is not set
# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set
CONFIG_IMA_DEFAULT_HASH="sha1"
# CONFIG_IMA_WRITE_POLICY is not set
# CONFIG_IMA_READ_POLICY is not set
CONFIG_IMA_APPRAISE=y
# CONFIG_IMA_ARCH_POLICY is not set
# CONFIG_IMA_APPRAISE_BUILD_POLICY is not set
CONFIG_IMA_APPRAISE_BOOTPARAM=y
CONFIG_IMA_APPRAISE_MODSIG=y
CONFIG_IMA_TRUSTED_KEYRING=y
# CONFIG_IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY is not set
# CONFIG_IMA_BLACKLIST_KEYRING is not set
# CONFIG_IMA_LOAD_X509 is not set
CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y
CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y

Especially CONFIG_LOAD_UEFI_KEYS=y is which I guess may be the culprit.

I request you to reply to my issue as soon as possible

Thanks
Aditya

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ