On 9/27/20 11:13 AM, Ard Biesheuvel wrote: > On Sun, 27 Sep 2020 at 10:18, Heinrich Schuchardt <xypron.glpk@xxxxxx> wrote: >> >> On 9/26/20 10:58 AM, Ard Biesheuvel wrote: >>> Currently, on arm64, we abort on any failure from efi_get_random_bytes() >>> other than EFI_NOT_FOUND when it comes to setting the physical seed for >>> KASLR, but ignore such failures when obtaining the seed for virtual >>> KASLR or for early seeding of the kernel's entropy pool via the config >>> table. This is inconsistent, and may lead to unexpected boot failures. >>> >>> So let's permit any failure for the physical seed, and simply report >>> the error code if it does not equal EFI_NOT_FOUND. >>> >>> Reported-by: Heinrich Schuchardt <xypron.glpk@xxxxxx> >>> Signed-off-by: Ard Biesheuvel <ardb@xxxxxxxxxx> >> >> Hello Ard, >> >> thank you for providing the patch. Unfortunately this seems not to be >> enough for booting with an EFI_RNG_PROTOCOL.GetRng() returning >> EFI_UNSUPPORTED. >> >> This is the output I received on v5.9-rc6, defconfig with your patch >> applied. I can retry with a branch from >> https://git.kernel.org/pub/scm/linux/kernel/git/efi/efi.git/ if you >> indicate which one to use. >> >> EFI stub: Booting Linux Kernel... >> EFI stub: ERROR: efi_get_random_bytes() failed (0x8000000000000003), >> KASLR will be disabled >> EFI stub: Using DTB from configuration table >> >> EFI stub: Exiting boot services and installing virtual address map... >> >> EFI stub: ERROR: Unable to construct new device tree. >> EFI stub: ERROR: Failed to update FDT and exit boot services >> >> This matches the problem originally reported by Scott. >> > > OK, so we need something like the below as well: > > --- a/drivers/firmware/efi/libstub/fdt.c > +++ b/drivers/firmware/efi/libstub/fdt.c > @@ -145,8 +145,6 @@ static efi_status_t update_fdt(void *orig_fdt, > unsigned long orig_fdt_size, > status = fdt_setprop_var(fdt, node, > "kaslr-seed", fdt_val64); > if (status) > goto fdt_set_fail; > - } else if (efi_status != EFI_NOT_FOUND) { > - return efi_status; > } > } > > > Could you please check whether that fixes the issue? > The new change allows booting. I could not observe the new message from the patch on my ARM64 system. The only related messages I found are: [ +0.000000] efi: EFI v2.80 by Das U-Boot [ +0.000000] efi: RTPROP=0x7aef9040 SMBIOS=0x7aef5000 MEMRESERVE=0x566df040 [ +0.000000] random: get_random_bytes called from start_kernel+0x314/0x4e8 with crng_init=0 [ +0.003506] KASLR disabled due to lack of seed Best regards Heinrich
