From: Norbert Kaminski
To: xen-devel@lists.xenproject.org
Cc: andrew.cooper3@citrix.com, Maciej Pijanowski, piotr.krol@3mdeb.com, marmarek@invisiblethingslab.com
Subject: fwupd support under Xen - firmware updates with the UEFI capsule
Date: Tue, 28 Jul 2020 09:41:32 +0200
Message-ID: <497f1524-b57e-0ea1-5899-62f677bfae91@3mdeb.com>

Hello all,

I'm trying to add support for firmware updates with the UEFI capsule in
Qubes OS. I'm having trouble reading the ESRT (EFI System Resource Table)
in dom0, which is based on the EFI memory map. EFI_MEMMAP is not
enabled despite the loaded drivers (CONFIG_EFI, CONFIG_EFI_ESRT) and kernel
cmdline parameters (add_efi_memmap):

```
[    3.451249] efi: EFI_MEMMAP is not enabled.
```

fwupd relies on the ESRT entries, which provide the system firmware GUID.
The GUID is checked using LVFS metadata, which contains information about updates.
When efi_memmap is not enabled, there are no ESRT entries in sysfs, and fwupd
has no information about the system firmware GUID. It is therefore not possible to
check whether updates are available for the BIOS.

This is how the ESRT entries look in Ubuntu:

```
ubuntu@ubuntu:/sys/firmware/efi/esrt$ ll
total 0
drwxr-xr-x 3 root root    0 Jul 27 13:14 ./
drwxr-xr-x 6 root root    0 Jul 27 13:13 ../
drwxr-xr-x 3 root root    0 Jul 27 13:17 entries/
-r-------- 1 root root 4096 Jul 27 13:17 fw_resource_count
-r-------- 1 root root 4096 Jul 27 13:17 fw_resource_count_max
-r-------- 1 root root 4096 Jul 27 13:17 fw_resource_version
ubuntu@ubuntu:/sys/firmware/efi/esrt/entries/entry0$ ll
total 0
drwxr-xr-x 2 root root    0 Jul 27 13:17 ./
drwxr-xr-x 3 root root    0 Jul 27 13:17 ../
-r-------- 1 root root 4096 Jul 27 13:17 capsule_flags
-r-------- 1 root root 4096 Jul 27 13:17 fw_class
-r-------- 1 root root 4096 Jul 27 13:17 fw_type
-r-------- 1 root root 4096 Jul 27 13:17 fw_version
-r-------- 1 root root 4096 Jul 27 13:17 last_attempt_status
-r-------- 1 root root 4096 Jul 27 13:17 last_attempt_version
-r-------- 1 root root 4096 Jul 27 13:17 lowest_supported_fw_version
ubuntu@ubuntu:/sys/firmware/efi/esrt/entries/entry0$ sudo cat fw_class
34578c72-11dc-4378-bc7f-b643866f598c
```

This is the source code of the ESRT driver, which provides those directories:

https://gitlab.com/cki-project/kernel-ark/-/blob/os-build/drivers/firmware/efi/esrt.c

The EFI_MEMMAP dependency is on line 248:

https://gitlab.com/cki-project/kernel-ark/-/blob/os-build/drivers/firmware/efi/esrt.c#L248

I need to pass ESRT to the dom0. What would be the best way to do that?

P.S. Marek Marczykowski-Górecki (Qubes Project lead) found some more information
about where the problem lies:

EFI_MEMMAP is not enabled on EFI_PARAVIRT (which I believe is the case on Xen dom0):

https://github.com/torvalds/linux/blob/92ed301919932f777713b9172e525674157e983d/drivers/firmware/efi/memmap.c#L110

My reading of the source code says the Xen side to extract this info exists, but
Linux doesn't use it specifically, EFI config table address is obtained here:

https://github.com/torvalds/linux/blob/master/arch/x86/xen/efi.c#L56-L63

But then nothing uses efi_systab_xen.tables.
efi_config_parse_tables() function should be called on those addresses:

https://github.com/torvalds/linux/blob/master/drivers/firmware/efi/efi.c#L542

But I don't think it is called in PV dom0 boot path (not fully sure about that yet).


Best Regards,
Norbert Kamiński
Junior Embedded Systems Engineer
GPG key ID: 9E9F90AFE10F466A
3mdeb.com
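
Added example, not part of the original mail and not kernel or fwupd code: a bounds-checked parser for the raw ESRT whose fields the sysfs listing above exposes, showing how the `fw_class` GUID is decoded. The struct layout follows the UEFI specification's version 1 ESRT; the function names and the sample table are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ESRT layout from the UEFI spec (version 1). Assumes a little-endian host. */
struct esrt_hdr { uint32_t count, count_max; uint64_t version; };
struct esrt_entry {
    uint8_t  fw_class[16];
    uint32_t fw_type, fw_version, lowest_supported_fw_version;
    uint32_t capsule_flags, last_attempt_version, last_attempt_status;
};

/* Print a GUID the way sysfs fw_class does: first three fields are little-endian. */
static void guid_str(const uint8_t g[16], char out[37])
{
    snprintf(out, 37,
        "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
        g[3], g[2], g[1], g[0], g[5], g[4], g[7], g[6],
        g[8], g[9], g[10], g[11], g[12], g[13], g[14], g[15]);
}

/* Copy entry idx out of the table; returns 0, or -1 if the table is malformed. */
static int esrt_get(const uint8_t *buf, size_t len, uint32_t idx, struct esrt_entry *e)
{
    struct esrt_hdr h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    if (h.version != 1 || h.count > h.count_max) return -1;
    /* The count comes from firmware: bound it by the buffer, dividing to avoid overflow. */
    if (h.count > (len - sizeof h) / sizeof *e || idx >= h.count) return -1;
    memcpy(e, buf + sizeof h + (size_t)idx * sizeof *e, sizeof *e);
    return 0;
}

/* Constructed sample table: one entry whose fw_class is the GUID shown in the
 * mail above; every other value is made up for the example. */
static const uint8_t SAMPLE[56] = {
    1,0,0,0, 1,0,0,0, 1,0,0,0,0,0,0,0,          /* count, count_max, version */
    0x72,0x8c,0x57,0x34, 0xdc,0x11, 0x78,0x43,  /* fw_class, mixed-endian */
    0xbc,0x7f,0xb6,0x43,0x86,0x6f,0x59,0x8c,
    1,0,0,0, 5,0,0,0, 2,0,0,0, 0,0,0,0, 5,0,0,0, 0,0,0,0
};

int main(void)
{
    struct esrt_entry e;
    char s[37];
    if (esrt_get(SAMPLE, sizeof SAMPLE, 0, &e) != 0) return 1;
    guid_str(e.fw_class, s);
    printf("fw_class=%s fw_type=%u fw_version=%u\n", s, e.fw_type, e.fw_version);
    return 0;
}
```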
