On Sun, 27 Sep 2020 at 10:18, Heinrich Schuchardt <xypron.glpk@xxxxxx> wrote: > > On 9/26/20 10:58 AM, Ard Biesheuvel wrote: > > Currently, on arm64, we abort on any failure from efi_get_random_bytes() > > other than EFI_NOT_FOUND when it comes to setting the physical seed for > > KASLR, but ignore such failures when obtaining the seed for virtual > > KASLR or for early seeding of the kernel's entropy pool via the config > > table. This is inconsistent, and may lead to unexpected boot failures. > > > > So let's permit any failure for the physical seed, and simply report > > the error code if it does not equal EFI_NOT_FOUND. > > > > Reported-by: Heinrich Schuchardt <xypron.glpk@xxxxxx> > > Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> > > Hello Ard, > > thank you for providing the patch. Unfortunately this seems not to be > enough for booting with an EFI_RNG_PROTOCOL.GetRng() returning > EFI_UNSUPPORTED. > > This is the output I received on v5.9-rc6, defconfig with your patch > applied. I can retry with a branch from > https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git/ if you > indicate which one to use. > > EFI stub: Booting Linux Kernel... > EFI stub: ERROR: efi_get_random_bytes() failed (0x8000000000000003), > KASLR will be disabled > EFI stub: Using DTB from configuration table > > EFI stub: Exiting boot services and installing virtual address map... > > EFI stub: ERROR: Unable to construct new device tree. > EFI stub: ERROR: Failed to update FDT and exit boot services > > This matches the problem originally reported by Scott. > OK, so we need something like the below as well: --- a/drivers/firmware/efi/libstub/fdt.c +++ b/drivers/firmware/efi/libstub/fdt.c @@ -145,8 +145,6 @@ static efi_status_t update_fdt(void *orig_fdt, unsigned long orig_fdt_size, status = fdt_setprop_var(fdt, node, "kaslr-seed", fdt_val64); if (status) goto fdt_set_fail; - } else if (efi_status != EFI_NOT_FOUND) { - return efi_status; } } Could you please check whether that fixes the issue?
