From: Ilias Apalodimas ilias.apalodimas@linaro.org Date: Wed, 21 Oct 2020 15:42:02 +0300
Hi Heinrich,
On Wed, 21 Oct 2020 at 15:35, Heinrich Schuchardt xypron.glpk@gmx.de wrote:
On 21.10.20 13:41, Ilias Apalodimas wrote:
Hi Heinrich,
On Wed, Oct 21, 2020 at 12:17:29PM +0200, Heinrich Schuchardt wrote:
On 10/21/20 9:32 AM, Ilias Apalodimas wrote:
U-Boot Driver Model is supposed to remove devices with either DM_REMOVE_ACTIVE_DMA or DM_REMOVE_OS_PREPARE flags set, before exiting. Our bootm command does that by explicitly calling calling "dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);" and we also disable any USB devices.
The EFI equivalent is doing none of those at the moment. As a result probing an fTPM driver now renders it unusable in Linux. During our (*probe) callback we open a session with OP-TEE, which is supposed to close with our (*remove) callback. Since the (*remove) is never called, once we boot into Linux and try to probe the device again we are getting a busy error response. We also never free
So let's fix this by mimicking what bootm does and disconnect devices when efi_exit_boot_services() is called. Note that for the OP-TEE case and in particular any subsequent bootloader that wants to use a device (e.g GRUB) will need to call exit_boot_services() in order to close the session.
Hello Ilias,
thanks for the patch. Adding the function calls looks correct to me,
Well the only doubt I have is what if GRUB has to extend some PCRs before calling Linux? Any idea if it's currently calling ExitBootSevices? I was considering if it would be a better idea to call the device unbinding during some kind of "exit" from U-boot's EFI code. (i.e before StartImage)
ExitBootServices() is called by the Linux EFI stub in function allocate_new_fdt_and_exit_boot().
If GRUB would call ExitBootServices(), it would not be able to launch the EFI stub via StartImage().
Yea that's my point. So with the current patch, you won't be able to access the fTPM driver from GRUB (or any other EFI application) until the Linux EFI stub calls exit boot services. Maybe calling those 2 functions in StartImage is a better idea?
Shouldn't an EFI application (such as GRUB) be using EFI protocols to access the TPM?