| Message ID | 9b52495a2d8adfc8f2d731a0236c945196143ef4.1582644865.git.thomas.lendacky@amd.com (mailing list archive) |
|---|---|
| State | Superseded, archived |
| Headers | show |
| Series | x86/efi: Add additional efi tables for unencrypted mapping checks | expand |
On Tue, 25 Feb 2020 at 16:34, Tom Lendacky <thomas.lendacky@amd.com> wrote: > > When booting with SME active, EFI tables must be mapped unencrypted since > they were built by UEFI in unencrypted memory. Update the list of tables > to be checked during early_memremap() processing to account for new EFI > tables. > > This fixes a bug where an EFI TPM log table has been created by UEFI, but > it lives in memory that has been marked as usable rather than reserved. > > Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Thanks Tom Mind respinning this on top of efi/next? https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git/ Thanks, > --- > arch/x86/platform/efi/efi.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c > index ae923ee8e2b4..eba5038c7a44 100644 > --- a/arch/x86/platform/efi/efi.c > +++ b/arch/x86/platform/efi/efi.c > @@ -85,6 +85,9 @@ static const unsigned long * const efi_tables[] = { > #ifdef CONFIG_EFI_RCI2_TABLE > &rci2_table_phys, > #endif > + &efi.rng_seed, > + &efi.tpm_log, > + &efi.tpm_final_log, > }; > > u64 efi_setup; /* efi setup_data physical address */ > -- > 2.17.1 >
On 2/25/20 10:09 AM, Ard Biesheuvel wrote: > On Tue, 25 Feb 2020 at 16:34, Tom Lendacky <thomas.lendacky@amd.com> wrote: >> >> When booting with SME active, EFI tables must be mapped unencrypted since >> they were built by UEFI in unencrypted memory. Update the list of tables >> to be checked during early_memremap() processing to account for new EFI >> tables. >> >> This fixes a bug where an EFI TPM log table has been created by UEFI, but >> it lives in memory that has been marked as usable rather than reserved. >> >> Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> > > Thanks Tom > > Mind respinning this on top of efi/next? Sure, no problem, v2 on the way. I wasn't sure if this would go through the x86 tree or the efi tree (though this should apply cleanly to efi/next with just a few lines of offset). Thanks, Tom > > https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git/> > Thanks, > > >> --- >> arch/x86/platform/efi/efi.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c >> index ae923ee8e2b4..eba5038c7a44 100644 >> --- a/arch/x86/platform/efi/efi.c >> +++ b/arch/x86/platform/efi/efi.c >> @@ -85,6 +85,9 @@ static const unsigned long * const efi_tables[] = { >> #ifdef CONFIG_EFI_RCI2_TABLE >> &rci2_table_phys, >> #endif >> + &efi.rng_seed, >> + &efi.tpm_log, >> + &efi.tpm_final_log, >> }; >> >> u64 efi_setup; /* efi setup_data physical address */ >> -- >> 2.17.1 >>
diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c index ae923ee8e2b4..eba5038c7a44 100644 --- a/arch/x86/platform/efi/efi.c +++ b/arch/x86/platform/efi/efi.c @@ -85,6 +85,9 @@ static const unsigned long * const efi_tables[] = { #ifdef CONFIG_EFI_RCI2_TABLE &rci2_table_phys, #endif + &efi.rng_seed, + &efi.tpm_log, + &efi.tpm_final_log, }; u64 efi_setup; /* efi setup_data physical address */
When booting with SME active, EFI tables must be mapped unencrypted since they were built by UEFI in unencrypted memory. Update the list of tables to be checked during early_memremap() processing to account for new EFI tables. This fixes a bug where an EFI TPM log table has been created by UEFI, but it lives in memory that has been marked as usable rather than reserved. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> --- arch/x86/platform/efi/efi.c | 3 +++ 1 file changed, 3 insertions(+)