On Fri, 30 Sept 2022 at 22:59, Ard Biesheuvel <ardb@xxxxxxxxxx> wrote: > > On Fri, 30 Sept 2022 at 22:21, Demi Marie Obenour > <demi@xxxxxxxxxxxxxxxxxxxxxx> wrote: > > > > On Fri, Sep 30, 2022 at 09:11:19PM +0200, Ard Biesheuvel wrote: > > > On Fri, 30 Sept 2022 at 20:21, Demi Marie Obenour > > > <demi@xxxxxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > On Fri, Sep 30, 2022 at 06:36:11PM +0200, Ard Biesheuvel wrote: > > > > > On Fri, 30 Sept 2022 at 01:02, Demi Marie Obenour > > > > > <demi@xxxxxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > > > > > fwupd requires access to the EFI System Resource Table (ESRT) to > > > > > > discover which firmware can be updated by the OS. Currently, Linux does > > > > > > not expose the ESRT when running as a Xen dom0. Therefore, it is not > > > > > > possible to use fwupd in a Xen dom0, which is a serious problem for e.g. > > > > > > Qubes OS. > > > > > > > > > > > > Before Xen 4.17, this was not fixable due to hypervisor limitations. > > > > > > The UEFI specification requires the ESRT to be in EfiBootServicesData > > > > > > memory, which Xen will use for whatever purposes it likes. Therefore, > > > > > > Linux cannot safely access the ESRT, as Xen may have overwritten it. > > > > > > > > > > > > Starting with Xen 4.17, Xen checks if the ESRT is in EfiBootServicesData > > > > > > or EfiRuntimeServicesData memory. If the ESRT is in EfiBootServicesData > > > > > > memory, Xen replaces the ESRT with a copy in memory that it has > > > > > > reserved. Such memory is currently of type EFI_RUNTIME_SERVICES_DATA, > > > > > > but in the future it will be of type EFI_ACPI_RECLAIM_MEMORY. This > > > > > > ensures that the ESRT can safely be accessed by the OS. > > > > > > > > > > > > When running as a Xen dom0, use the new > > > > > > xen_config_table_memory_region_max() function to determine if Xen has > > > > > > reserved the ESRT and, if so, find the end of the memory region > > > > > > containing it. This allows programs such as fwupd which require the > > > > > > ESRT to run under Xen, and so makes fwupd support in Qubes OS possible. > > > > > > > > > > > > Signed-off-by: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx> > > > > > > > > > > Why do we need this patch? I'd expect esrt_table_exists() to return > > > > > false when patch 1/2 is applied. > > > > > > > > efi_enabled(EFI_MEMMAP) is false under Xen, so there needs to be an > > > > alternative way to get the end of the memory region containing the ESRT. > > > > That is what this patch provides. > > > > > > OK. I don't think we need that to be honest. When running under Xen, > > > we should be able to assume that the ESRT does not span multiple > > > memory regions arbitrarily, so we can just omit this check if > > > !efi_enabled(EFI_MEMMAP) > > > > > > IIRC (and Peter would know), we are trying to filter out descriptors > > > that are completely bogus here: zero lenght, zero address, etc etc. I > > > don't think we need that for Xen. > > > > Xen doesn’t uninstall bogus ESRTs, so there is no less reason to worry > > under Xen than on bare hardware. > > That may be true. But if Xen needs dom0 to be able to cross reference > the EFI memory map, it should provide one (and set EFI_MEMMAP to > enabled). Btw the efi_mem_reserve() for the ESRT is also redundant if it is guaranteed to be in RT services data or ACPI reclaim memory.