In the arm64 pKVM environment, all FF-A requests fail until the FF-A driver is initialized, as the FF-A version is not negotiated with the hypervisor beforehand.
When FF-A is built-in and pKVM is enabled, pKVM finalises its initialization at the device_initcall_sync level, while the FF-A driver is initialized later at the late_initcall stage via deferred probe. When the EFI variable service runs with StandaloneMm, it uses FFA_DIRECT_MSG to access EFI variables. As a result, load_uefi_certs() always fails in this environment. To address this issue, defer load_uefi_certs() to the late_initcall_sync level. Signed-off-by: Yeoreum Yun <[email protected]> --- security/integrity/platform_certs/load_uefi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c index c0d6948446c3..cc2b879df5b6 100644 --- a/security/integrity/platform_certs/load_uefi.c +++ b/security/integrity/platform_certs/load_uefi.c @@ -235,4 +235,4 @@ static int __init load_uefi_certs(void) return rc; } -late_initcall(load_uefi_certs); +late_initcall_sync(load_uefi_certs); -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}
