Message-Id: <20250624-more-qseecom-v3-6-95205cd88cc2@oss.qualcomm.com>
Date: Tue, 24 Jun 2025 05:13:57 +0300
From: Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com>
To: Bjorn Andersson <andersson@...nel.org>,
        Maximilian Luz <luzmaximilian@...il.com>,
        Konrad Dybcio <konradybcio@...nel.org>, Rob Herring <robh@...nel.org>,
        Krzysztof Kozlowski <krzk+dt@...nel.org>,
        Conor Dooley <conor+dt@...nel.org>, Ard Biesheuvel <ardb@...nel.org>,
        Konrad Dybcio <konradybcio@...nel.org>
Cc: Johan Hovold <johan@...nel.org>, Steev Klimaszewski <steev@...i.org>,
        linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org,
        devicetree@...r.kernel.org, linux-efi@...r.kernel.org,
        Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
Subject: [PATCH v3 6/8] firmware: qcom: scm: add modparam to control
 QSEECOM enablement

From: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>

In preparation for enabling QSEECOM for the platforms rather than
individual machines, provide a mechanism for the user to override the
default selection. Allow users to use the qcom_scm.qseecom modparam.

Setting it to 'force' will enable QSEECOM even if it is disabled or not
handled by the allowlist.

Setting it to 'off' will forcibly disable the QSEECOM interface,
allowing incompatible machines to function.

Setting it to 'roefivars' will enable the QSEECOM interface, making UEFI
variables read-only.

All other values mean 'auto', trusting the allowlist in the module.

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@....qualcomm.com>
---
 drivers/firmware/qcom/qcom_scm.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c
index 27ef2497089e11b5a902d949de2e16b7443a2ca4..5bf59eba2a863ba16e59df7fa2de1c50b0a218d0 100644
--- a/drivers/firmware/qcom/qcom_scm.c
+++ b/drivers/firmware/qcom/qcom_scm.c
@@ -1983,9 +1983,14 @@ EXPORT_SYMBOL_GPL(qcom_scm_qseecom_app_send);
 
 static unsigned long qcom_qseecom_ro_uefi = QCOM_QSEECOM_QUIRK_RO_UEFIVARS;
 
+static char *qseecom = "auto";
+MODULE_PARM_DESC(qseecom, "Enable QSEECOM interface (force | roefivars | off | auto)");
+module_param(qseecom, charp, 0);
+
 /*
  * We do not yet support re-entrant calls via the qseecom interface. To prevent
- + any potential issues with this, only allow validated machines for now.
+ * any potential issues with this, only allow validated machines for now. Users
+ * still can manually enable or disable it via the qcom_scm.qseecom modparam.
  */
 static const struct of_device_id qcom_scm_qseecom_allowlist[] __maybe_unused = {
 	{ .compatible = "asus,vivobook-s15" },
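
Review bot: module_param(qseecom, charp, 0) registers the parameter with
permissions 0, so it gets no entry under /sys/module/qcom_scm/parameters/
and the value chosen at load time cannot be read back afterwards. Since
the comment right below justifies the allowlist by the lack of re-entrant
call support and this parameter lets a user bypass it, consider 0444 so
the active setting can be inspected, and extend MODULE_PARM_DESC to say
what each of force, roefivars, off and auto does instead of only listing
the accepted strings.
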
@@ -2013,11 +2018,27 @@ static const struct of_device_id qcom_scm_qseecom_allowlist[] __maybe_unused = {
 	{ }
 };
 
-static bool qcom_scm_qseecom_machine_is_allowed(unsigned long *quirks)
+static bool qcom_scm_qseecom_machine_is_allowed(struct device *scm_dev,
+						unsigned long *quirks)
 {
 	const struct of_device_id *match;
 	struct device_node *np;
 
+	if (!strcmp(qseecom, "off")) {
+		dev_info(scm_dev, "qseecom: disabled by modparam\n");
+		return false;
+	} else if (!strcmp(qseecom, "force")) {
+		dev_info(scm_dev, "qseecom: forcibly enabled\n");
+		*quirks = 0;
+		return true;
+	} else if (!strcmp(qseecom, "roefivars")) {
+		dev_info(scm_dev, "qseecom: enabling with R/O UEFI variables\n");
+		*quirks = QCOM_QSEECOM_QUIRK_RO_UEFIVARS;
+		return true;
+	} else if (strcmp(qseecom, "auto")) {
+		dev_warn(scm_dev, "qseecom: invalid value for the modparam, ignoring\n");
+	}
+
 	np = of_find_node_by_path("/");
 	if (!np)
 		return false;
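
Review bot: in the "force" branch, *quirks = 0 drops
QCOM_QSEECOM_QUIRK_RO_UEFIVARS, so a machine that is not on the allowlist
gets the interface without the read-only UEFI variables quirk, yet this is
reported only through dev_info as "qseecom: forcibly enabled". Suggest
dev_warn and a message that says the read-only restriction is lifted.
Separately, the invalid-value warning neither prints the rejected string
nor states that the allowlist is used instead, and since every earlier
branch returns, the else keywords can be dropped.
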
@@ -2065,7 +2086,7 @@ static int qcom_scm_qseecom_init(struct qcom_scm *scm)
 
 	dev_info(scm->dev, "qseecom: found qseecom with version 0x%x\n", version);
 
-	if (!qcom_scm_qseecom_machine_is_allowed(&quirks)) {
+	if (!qcom_scm_qseecom_machine_is_allowed(scm->dev, &quirks)) {
 		dev_info(scm->dev, "qseecom: untested machine, skipping\n");
 		return 0;
 	}
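
Review bot: with qseecom=off the helper returns false after logging
"qseecom: disabled by modparam", and this caller then also logs
"qseecom: untested machine, skipping", which is inaccurate for that case.
Either move the "untested machine" message into the allowlist path of
qcom_scm_qseecom_machine_is_allowed(), now that it receives scm_dev, or
have the helper report why it declined so that only one correct line is
printed.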

-- 
2.39.5

