> From: Ilias Apalodimas <[email protected]>
> Date: Wed, 21 Oct 2020 15:42:02 +0300
>
> Hi Heinrich,
>
>
> On Wed, 21 Oct 2020 at 15:35, Heinrich Schuchardt <[email protected]> wrote:
> >
> > On 21.10.20 13:41, Ilias Apalodimas wrote:
> > > Hi Heinrich,
> > >
> > > On Wed, Oct 21, 2020 at 12:17:29PM +0200, Heinrich Schuchardt wrote:
> > >> On 10/21/20 9:32 AM, Ilias Apalodimas wrote:
> > >>> U-Boot Driver Model is supposed to remove devices with either
> > >>> DM_REMOVE_ACTIVE_DMA or DM_REMOVE_OS_PREPARE flags set, before exiting.
> > >>> Our bootm command does that by explicitly calling
> > >>> "dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);" and we also disable any
> > >>> USB devices.
> > >>>
> > >>> The EFI equivalent is doing none of those at the moment. As a result
> > >>> probing an fTPM driver now renders it unusable in Linux. During our
> > >>> (*probe) callback we open a session with OP-TEE, which is supposed to
> > >>> close with our (*remove) callback. Since the (*remove) is never called,
> > >>> once we boot into Linux and try to probe the device again we are getting
> > >>> a busy error response. We also never free
> > >>>
> > >>> So let's fix this by mimicking what bootm does and disconnect devices
> > >>> when efi_exit_boot_services() is called. Note that for the OP-TEE case
> > >>> and in particular any subsequent bootloader that wants to use a device
> > >>> (e.g GRUB) will need to call exit_boot_services() in order to close the
> > >>> session.
> > >>
> > >> Hello Ilias,
> > >>
> > >> thanks for the patch. Adding the function calls looks correct to me,
> > >
> > > Well the only doubt I have is what if GRUB has to extend some PCRs before
> > > calling Linux? Any idea if it's currently calling ExitBootServices?
> > > I was considering if it would be a better idea to call the device
> > > unbinding during
> > > some kind of "exit" from U-boot's EFI code. (i.e before StartImage)
> >
> > ExitBootServices() is called by the Linux EFI stub in function
> > allocate_new_fdt_and_exit_boot().
> >
> > If GRUB would call ExitBootServices(), it would not be able to launch
> > the EFI stub via StartImage().
>
> Yea that's my point. So with the current patch, you won't be able to
> access the fTPM driver from GRUB
> (or any other EFI application) until the Linux EFI stub calls exit
> boot services. Maybe calling those 2 functions in
> StartImage is a better idea?

Shouldn't an EFI application (such as GRUB) be using EFI protocols to access the TPM?

