| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Feb 2022 06:51:48 +0000
From: Aditya Garg <gargaditya08@...e.com>
To: "joeyli.kernel@...il.com" <joeyli.kernel@...il.com>,
"zohar@...ux.ibm.com" <zohar@...ux.ibm.com>,
"jmorris@...ei.org" <jmorris@...ei.org>,
"eric.snowberg@...cle.com" <eric.snowberg@...cle.com>,
"dhowells@...hat.com" <dhowells@...hat.com>
CC: "linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
"jlee@...e.com" <jlee@...e.com>
Subject: [BUG] Unable to write the NVRAM on T2 Macs if
CONFIG_INTEGRITY_PLATFORM_KEYRING and CONFIG_LOAD_UEFI_KEYS are enabled.
On Macs with the T2 Security Chip, if CONFIG_INTEGRITY_PLATFORM_KEYRING=y and CONFIG_LOAD_UEFI_KEYS=y are there in the kernel config, EFI Runtime services fail to start.
Feb 08 17:11:11 MacBook kernel: [Firmware Bug]: Page fault caused by firmware at PA: 0xffffa79840068000
Feb 08 17:11:11 MacBook kernel: WARNING: CPU: 11 PID: 150 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xd0
Feb 08 17:11:11 MacBook kernel: Modules linked in:
Feb 08 17:11:11 MacBook kernel: CPU: 11 PID: 150 Comm: kworker/u24:1 Not tainted 5.15.19-t2 #2
Feb 08 17:11:11 MacBook kernel: Hardware name: Apple Inc. MacBookPro16,1/Mac-E1008331FDC96864, BIOS 1715.81.2.0.0 (iBridge: 19.16.10744.0.0,0) 01/06/2022
Feb 08 17:11:11 MacBook kernel: Workqueue: efi_rts_wq efi_call_rts
Feb 08 17:11:11 MacBook kernel: RIP: 0010:efi_crash_gracefully_on_page_fault+0x50/0xd0
Feb 08 17:11:11 MacBook kernel: Code: fc e8 b4 fb 02 00 49 81 fc ff 0f 00 00 76 08 48 3d 30 9e dc a8 74 04 41 5c 5d c3 4c 89 e6 48 c7 c7 20 c5 1b a8 e8 9f 7f bb 00 <0f> 0b 83 3d 57 56 12 02 0a 0f 84 89 6f bb 00 e8 9c 1a 00 00 48 8b
Feb 08 17:11:11 MacBook kernel: RSP: 0000:ffffa79840592a08 EFLAGS: 00010086
Feb 08 17:11:11 MacBook kernel: RAX: 0000000000000000 RBX: ffffa79840592a48 RCX: ffffffffa857a088
Feb 08 17:11:11 MacBook kernel: RDX: 00000000ffffdfff RSI: ffffa79840592848 RDI: 0000000000000000
Feb 08 17:11:11 MacBook kernel: RBP: ffffa79840592a10 R08: 0000000000000003 R09: 0000000000000001
Feb 08 17:11:11 MacBook kernel: R10: 0000000000ffff10 R11: 000000000000000f R12: ffffa79840068000
Feb 08 17:11:11 MacBook kernel: R13: 0000000000000000 R14: ffffa79840592b98 R15: ffff897a816a3200
Feb 08 17:11:11 MacBook kernel: FS: 0000000000000000(0000) GS:ffff897deecc0000(0000) knlGS:0000000000000000
Feb 08 17:11:11 MacBook kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Feb 08 17:11:11 MacBook kernel: CR2: ffffa79840068000 CR3: 00000001001ea002 CR4: 00000000003706e0
Feb 08 17:11:11 MacBook kernel: Call Trace:
Feb 08 17:11:11 MacBook kernel: <TASK>
Feb 08 17:11:11 MacBook kernel: page_fault_oops+0x4f/0x2b0
Feb 08 17:11:11 MacBook kernel: ? search_bpf_extables+0x63/0x80
Feb 08 17:11:11 MacBook kernel: ? search_exception_tables+0x5b/0x60
Feb 08 17:11:11 MacBook kernel: kernelmode_fixup_or_oops+0x9e/0x110
Feb 08 17:11:11 MacBook kernel: __bad_area_nosemaphore+0x155/0x190
Feb 08 17:11:11 MacBook kernel: bad_area_nosemaphore+0x16/0x20
Feb 08 17:11:11 MacBook kernel: do_kern_addr_fault+0x62/0x80
Feb 08 17:11:11 MacBook kernel: exc_page_fault+0xd8/0x160
Feb 08 17:11:11 MacBook kernel: asm_exc_page_fault+0x1e/0x30
Feb 08 17:11:11 MacBook kernel: RIP: 0010:0xfffffffeefc440c5
Feb 08 17:11:11 MacBook kernel: Code: 31 c9 48 29 f9 48 83 e1 0f 74 0c 4c 39 c1 49 0f 47 c8 49 29 c8 f3 a4 4c 89 c1 49 83 e0 0f 48 c1 e9 04 74 2c f3 0f 7f 44 24 18 <f3> 0f 6f 06 66 0f e7 07 48 83 c6 10 48 83 c7 10 e2 ee 0f ae f0 66
Feb 08 17:11:11 MacBook kernel: RSP: 0000:ffffa79840592c48 EFLAGS: 00010286
Feb 08 17:11:11 MacBook kernel: RAX: fffffffeefc92256 RBX: ffffffffa82127ba RCX: 0000000000000032
Feb 08 17:11:11 MacBook kernel: RDX: ffffa79840067d20 RSI: ffffa79840067ffa RDI: fffffffeefc92530
Feb 08 17:11:11 MacBook kernel: RBP: ffffa79840592cd0 R08: 000000000000000d R09: ffffa79840068326
Feb 08 17:11:11 MacBook kernel: R10: fffffffeefc8e018 R11: 0000000000085dc9 R12: 0000000000000000
Feb 08 17:11:11 MacBook kernel: R13: ffffa79840067db0 R14: ffffa79840067d01 R15: 0000000000000607
Feb 08 17:11:11 MacBook kernel: ? __efi_call+0x28/0x30
Feb 08 17:11:11 MacBook kernel: ? switch_mm+0x20/0x40
Feb 08 17:11:11 MacBook kernel: ? efi_call_rts+0x189/0x6f0
Feb 08 17:11:11 MacBook kernel: ? process_one_work+0x22b/0x3d0
Feb 08 17:11:11 MacBook kernel: ? worker_thread+0x4d/0x3f0
Feb 08 17:11:11 MacBook kernel: ? process_one_work+0x3d0/0x3d0
Feb 08 17:11:11 MacBook kernel: ? kthread+0x12a/0x150
Feb 08 17:11:11 MacBook kernel: ? set_kthread_struct+0x40/0x40
Feb 08 17:11:11 MacBook kernel: ? ret_from_fork+0x22/0x30
Feb 08 17:11:11 MacBook kernel: </TASK>
Feb 08 17:11:11 MacBook kernel: ---[ end trace b0e21a194e80a466 ]---
Feb 08 17:11:11 MacBook kernel: efi: Froze efi_rts_wq and disabled EFI Runtime Services
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get size: 0x8000000000000015
Feb 08 17:11:11 MacBook kernel: integrity: MODSIGN: Couldn't get UEFI db list
Feb 08 17:11:11 MacBook kernel: efi: EFI Runtime Services are disabled!
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get size: 0x8000000000000015
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get UEFI dbx list
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get size: 0x8000000000000015
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get mokx list
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get size: 0x8000000000000015
Feb 08 17:11:11 MacBook kernel: integrity: Couldn't get UEFI MokListRT
Feb 08 17:11:11 MacBook kernel: ima: No TPM chip found, activating TPM-bypass!
Feb 08 17:11:11 MacBook kernel: Loading compiled-in module X.509 certificates
Feb 08 17:11:11 MacBook kernel: Loaded X.509 cert 'Build time autogenerated kernel key: 4fe3a063ebcd82317099edaaf5ee8e3719392e6e'
Feb 08 17:11:11 MacBook kernel: ima: Allocated hash algorithm: sha1
Feb 08 17:11:11 MacBook kernel: ima: No architecture policies found
Feb 08 17:11:11 MacBook kernel: evm: Initialising EVM extended attributes:
Feb 08 17:11:11 MacBook kernel: evm: security.selinux
Feb 08 17:11:11 MacBook kernel: evm: security.SMACK64
Feb 08 17:11:11 MacBook kernel: evm: security.SMACK64EXEC
Feb 08 17:11:11 MacBook kernel: evm: security.SMACK64TRANSMUTE
Feb 08 17:11:11 MacBook kernel: evm: security.SMACK64MMAP
Feb 08 17:11:11 MacBook kernel: evm: security.apparmor
Feb 08 17:11:11 MacBook kernel: evm: security.ima
Feb 08 17:11:11 MacBook kernel: evm: security.capability
Feb 08 17:11:11 MacBook kernel: evm: HMAC attrs: 0x1
Feb 08 17:11:11 MacBook kernel: PM: Magic number: 10:872:680
Feb 08 17:11:11 MacBook kernel: RAS: Correctable Errors collector initialized.
Feb 08 17:11:11 MacBook kernel: Freeing unused decrypted memory: 2036K
Feb 08 17:11:11 MacBook kernel: Freeing unused kernel image (initmem) memory: 2952K
Feb 08 17:11:11 MacBook kernel: Write protecting the kernel read-only data: 24576k
Feb 08 17:11:11 MacBook kernel: Freeing unused kernel image (text/rodata gap) memory: 2036K
Feb 08 17:11:11 MacBook kernel: Freeing unused kernel image (rodata/data gap) memory: 540K
Feb 08 17:11:11 MacBook kernel: x86/mm: Checked W+X mappings: passed, no W+X pages found.
Feb 08 17:11:11 MacBook kernel: x86/mm: Checking user space page tables
Feb 08 17:11:11 MacBook kernel: x86/mm: Checked W+X mappings: passed, no W+X pages found.
Feb 08 17:11:11 MacBook kernel: Run /init as init process
Feb 08 17:11:11 MacBook kernel: with arguments:
Feb 08 17:11:11 MacBook kernel: /init
Feb 08 17:11:11 MacBook kernel: splash
Feb 08 17:11:11 MacBook kernel: with environment:
Feb 08 17:11:11 MacBook kernel: HOME=/
Feb 08 17:11:11 MacBook kernel: TERM=linux
Feb 08 17:11:11 MacBook kernel: BOOT_IMAGE=/boot/vmlinuz-5.15.19-t2
Feb 08 17:11:11 MacBook kernel: ACPI: video: [Firmware Bug]: ACPI(GFX0) defines _DOD but not _DOS
Feb 08 17:11:11 MacBook kernel: ACPI: video: Video Device [GFX0] (multi-head: yes rom: no post: no)
Could you help me in solving (probably disabling this security feature on T2 Macs)
Powered by blists - more mailing lists