On Thu, 24 Sep 2020 at 11:45, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote: > > On Wed, 23 Sep 2020 at 23:02, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > On Wed, Sep 23, 2020 at 08:43:21PM +0200, Ard Biesheuvel wrote: > > > On Wed, 23 Sep 2020 at 20:41, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > > > > > On Wed, Sep 23, 2020 at 06:13:58PM +0200, Ard Biesheuvel wrote: > > > > > The EFI pstore implementation relies on the 'efivars' abstraction, > > > > > which encapsulates the EFI variable store in a way that can be > > > > > overridden by other backing stores, like the Google SMI one. > > > > > > > > > > On top of that, the EFI pstore implementation also relies on the > > > > > efivars.ko module, which is a separate layer built on top of the > > > > > 'efivars' abstraction that exposes the [deprecated] sysfs entries > > > > > for each variable that exists in the backing store. > > > > > > > > > > Since the efivars.ko module is deprecated, and all users appear to > > > > > have moved to the efivarfs file system instead, let's prepare for > > > > > its removal, by removing EFI pstore's dependency on it. > > > > > > > > > > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > > > > > > > > With this and the other pstore patch, do the pstore self-tests still > > > > pass on an EFI system? > > > > > > > > If so, please consider both: > > > > > > > > Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> > > > > > > > > > > Selftests? Excellent! Are they documented too? > > > > Not really, but they're pretty simple: > > > > cd tools/testing/selftests/pstore > > *double-check "config" against running kernel config* > > ./pstore_tests > > ./pstore_crash_test > > *wait for system to reboot* > > cd tools/testing/selftests/pstore > > ./pstore_post_reboot_tests > > > > (though please test before/after, just to make sure other deltas haven't > > broken things before your series -- I don't test EFI pstore with high > > frequency) > > > > I have done the 'before' test on three different EFI Linux systems > (x86, arm64 and ARM), and they all give me something like the below > > === Pstore unit tests (pstore_tests) === > UUID=109d02e6-9395-4274-9554-2c078e87a662 > Checking pstore backend is registered ... ok > backend=efi > cmdline=BOOT_IMAGE=/vmlinuz-5.3.0-59-generic > root=/dev/mapper/crypt-root ro quiet splash vt.handoff=1 > Checking pstore console is registered ... FAIL > Checking /dev/pmsg0 exists ... FAIL > Writing unique string to /dev/pmsg0 ... FAIL > > So I'm not sure if there is any point to doing the 'after' test if > this is the baseline. In any case, I confirmed that the new efi-pstore module - exposes existing pstore dmesg entries correctly - captures oops and panic messages as dmesg-efi-xxxx entries as before