Hi Mark,

On Wed, Oct 21, 2020 at 03:21:51PM +0200, Mark Kettenis wrote:
> > From: Ilias Apalodimas <[email protected]>
> > Date: Wed, 21 Oct 2020 15:42:02 +0300
> >
> > Hi Heinrich,
> >
> >
> > On Wed, 21 Oct 2020 at 15:35, Heinrich Schuchardt <[email protected]>
> > wrote:
> > >
> > > On 21.10.20 13:41, Ilias Apalodimas wrote:
> > > > Hi Heinrich,
> > > >
> > > > On Wed, Oct 21, 2020 at 12:17:29PM +0200, Heinrich Schuchardt wrote:
> > > >> On 10/21/20 9:32 AM, Ilias Apalodimas wrote:
> > > >>> U-Boot Driver Model is supposed to remove devices with either
> > > >>> DM_REMOVE_ACTIVE_DMA or DM_REMOVE_OS_PREPARE flags set, before
> > > >>> exiting.
> > > >>> Our bootm command does that by explicitly calling
> > > >>> "dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);" and we also disable
> > > >>> any USB devices.
> > > >>>
> > > >>> The EFI equivalent is doing none of those at the moment. As a result
> > > >>> probing an fTPM driver now renders it unusable in Linux. During our
> > > >>> (*probe) callback we open a session with OP-TEE, which is supposed to
> > > >>> close with our (*remove) callback. Since the (*remove) is never
> > > >>> called, once we boot into Linux and try to probe the device again we
> > > >>> are getting a busy error response. We also never free
> > > >>>
> > > >>> So let's fix this by mimicking what bootm does and disconnect devices
> > > >>> when efi_exit_boot_services() is called. Note that for the OP-TEE case
> > > >>> and in particular any subsequent bootloader that wants to use a device
> > > >>> (e.g. GRUB) will need to call exit_boot_services() in order to close
> > > >>> the session.
> > > >>
> > > >> Hello Ilias,
> > > >>
> > > >> thanks for the patch. Adding the function calls looks correct to me,
> > > >
> > > > Well the only doubt I have is what if GRUB has to extend some PCRs
> > > > before calling Linux? Any idea if it's currently calling
> > > > ExitBootServices?
> > > > I was considering if it would be a better idea to call the device
> > > > unbinding during some kind of "exit" from U-Boot's EFI code.
> > > > (i.e. before StartImage)
> > >
> > > ExitBootServices() is called by the Linux EFI stub in function
> > > allocate_new_fdt_and_exit_boot().
> > >
> > > If GRUB would call ExitBootServices(), it would not be able to launch
> > > the EFI stub via StartImage().
> >
> > Yea that's my point. So with the current patch, you won't be able to
> > access the fTPM driver from GRUB (or any other EFI application) until
> > the Linux EFI stub calls exit boot services. Maybe calling those 2
> > functions in StartImage is a better idea?
>
> Shouldn't an EFI application (such as GRUB) be using EFI protocols to
> access the TPM?

Yea I already responded to myself on the previous mail.
We don't have support for the EFI protocol in U-Boot (yet), but cleaning up
in exit boot services makes more sense.

So I'll fix the compilation error and send a V2 with the DM removal as-is.
GRUB will be able to access the TPM once we add the EFI protocols in U-Boot.

Cheers
/Ilias
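
The failure described in the quoted commit message (a session opened in (*probe) that stays open because (*remove) never runs), as an added stand-alone C model that is not part of this thread or of U-Boot. Only the DM_REMOVE_* names come from the thread; the flag values, the one-session-at-a-time rule, `MODEL_EBUSY` and every helper name are assumptions made for the illustration.

```c
/* Stand-alone model, not U-Boot code; values and helper names are assumed. */
#include <stdbool.h>
#include <stdio.h>
#define DM_REMOVE_ACTIVE_DMA (1u << 0) /* value assumed */
#define DM_REMOVE_OS_PREPARE (1u << 1) /* value assumed */
#define DM_REMOVE_ACTIVE_ALL (DM_REMOVE_ACTIVE_DMA | DM_REMOVE_OS_PREPARE)
#define MODEL_EBUSY (-16)              /* stands in for the busy response */
static bool tee_session_open; /* assumption: one fTPM session at a time */

static int tee_open(void)
{
    if (tee_session_open)
        return MODEL_EBUSY;
    tee_session_open = true;
    return 0;
}
static void tee_close(void) { tee_session_open = false; }

struct model_dev {
    unsigned remove_flags; /* removal passes this device takes part in */
    bool active;
    int (*probe)(void);
    void (*remove)(void);
};
static struct model_dev ftpm = { DM_REMOVE_OS_PREPARE, false, tee_open, tee_close };

/* Models the removal pass: run (*remove) on an active, matching device. */
static void model_remove_devices_flags(struct model_dev *d, unsigned flags)
{
    if (d->active && (d->remove_flags & flags)) {
        d->remove();
        d->active = false;
    }
}

/* Firmware probes, optionally cleans up, then the OS opens its session. */
int os_probe_after_exit(bool cleanup_on_exit)
{
    tee_session_open = false;
    ftpm.active = (ftpm.probe() == 0);
    if (cleanup_on_exit)
        model_remove_devices_flags(&ftpm, DM_REMOVE_ACTIVE_ALL);
    return tee_open();
}

int main(void)
{
    printf("without cleanup: %d\n", os_probe_after_exit(false));
    printf("with cleanup:    %d\n", os_probe_after_exit(true));
    return 0;
}
```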

