lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Z1hHAtAcgivajR7i@hovoldconsulting.com>
Date: Tue, 10 Dec 2024 14:49:54 +0100
From: Johan Hovold <johan@...nel.org>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Leif Lindholm <leif.lindholm@....qualcomm.com>,
	Bjorn Andersson <andersson@...nel.org>,
	Ricardo Salveti <ricardo@...ndries.io>,
	Marc Zyngier <maz@...nel.org>, linux-efi@...r.kernel.org,
	linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: UEFI EBS() failures on Lenovo T14s

On Thu, Nov 28, 2024 at 03:46:12PM +0100, Johan Hovold wrote:

> From 1464360c7c16d1a6ce454bf88ee5815663f27283 Mon Sep 17 00:00:00 2001
> From: Johan Hovold <johan+linaro@...nel.org>
> Date: Wed, 27 Nov 2024 16:05:37 +0100
> Subject: [PATCH] hack: efi/libstub: fix t14s exit_boot_services() failure
> 
> The UEFI firmware on the Lenovo ThinkPad T14s is broken and
> ExitBootServices() often fails and prevents the kernel from starting:
> 
> 	EFI stub: Exiting boot services...
> 	EFI stub: Exit boot services failed.
> 
> One bootloader entry may fail to start almost consistently (once in a
> while it may start), while a second entry may always work even when the
> kernel, dtb and initramfs images are copies of the failing entry on the
> same ESP.
> 
> This can be worked around by starting and exiting a UEFI shell from the
> bootloader or by starting the bootloader manually via the Boot Menu
> (F12) before starting the kernel.
> 
> Notably starting the kernel automatically from the shell startup.nsh
> does not work, while calling the same script manually works.
> 
> Experiments have revealed that allocating an event before calling
> ExitBootServices() can make the call succeed. When providing a
> notification function there apparently is no need to actually signal the
> event group and CloseEvent() could also be called directly.

As feared, this does not really fix anything and probably just works
by changing timing or alignment or similar.

When trying to find a workaround for the EBS() failure I had moved
loading of the dtb and initamfs images from systemd-boot to the stub as
that seemed to increase the chance of getting the kernel to start.

When I tried moving the loading back to the bootloader the other day I
saw EBS() fail with the event hack still in place in the stub. This time
it did not seem to fail gracefully however, and the machine was reset by
the hypervisor after a timeout.

And now I'm occasionally seeing EBS() fail also when the stub is loading
the images.

Johan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ