On Mon, Dec 2, 2024 at 9:25 PM Rebecca Cran via groups.io <rebecca=bsdio....@groups.io> wrote:
>
> I've set up Secure Boot for my firmware, but I'm having problems when
> trying to have fwupdmgr install a DBX update.
>
> Since I've run into problems setting up arm64_DBXUpdate.bin from
> uefi.org or DefaultDbx.bin from a build of secureboot_objects I'm
> generating my own certificate and installing that as dbxDefault just so
> that the variable exists.
>
> I reset the entire SPI-NOR to default (i.e. deleting any existing
> variables), then enable Secure Boot in UiApp and boot openSUSE. When I
> run fwupdmgr update, I get:
>
> localhost:~ # fwupdmgr update
> Devices with no available firmware updates:
>  • System Firmware
>  • WD BLACK SN850X 4000GB
> ╔══════════════════════════════════════════════════════════════════════════════╗
> ║ Upgrade UEFI dbx from 0 to 26?                                               ║
> ╠══════════════════════════════════════════════════════════════════════════════╣
> ║ Insecure versions of the Microsoft Windows boot manager affected by Black    ║
> ║ Lotus were added to the list of forbidden signatures due to a discovered     ║
> ║ security problem.This updates the dbx to the latest release from Microsoft.  ║
> ║                                                                              ║
> ║ Before installing the update, fwupd will check for any affected executables  ║
> ║ in the ESP and will refuse to update if it finds any boot binaries signed    ║
> ║ with any of the forbidden signatures.Applying this update may also cause     ║
> ║ some Windows install media to not start correctly.                           ║
> ║                                                                              ║
> ╚══════════════════════════════════════════════════════════════════════════════╝
> Perform operation? [Y|n]: y
> Downloading… [ - ]
> Decompressing… [***************************************]
> Authenticating… [***************************************]
> Waiting… [***************************************]
> Writing… [***************************************]
> Restarting device… [ ]
> Writing… [ ]
> Decompressing… [ ]
> Writing… [
> [ 53.309930][ T360] [Firmware Bug]: Unable to handle paging request in EFI runtime service
> ]
> failed to write data to efivarfs: Error writing to file descriptor: Input/output error
>
>
> And dmesg shows:
>
> [ 53.309930] [ T360] [Firmware Bug]: Unable to handle paging request in EFI runtime service
> [ 53.321038] [ T2422] ------------[ cut here ]------------
> [ 53.321047] [ T2422] WARNING: CPU: 42 PID: 2422 at drivers/firmware/efi/runtime-wrappers.c:341 __efi_queue_work+0xe4/0x120
> [ 53.321062] [ T2422] Modules linked in: af_packet nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ebtable_nat ebtable_broute rfkill ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables qrtr nf_tables iptable_filter binfmt_misc joydev cdc_subset cdc_ether usbnet cdc_acm mii nls_iso8859_1 nls_cp437 vfat fat snd_usb_audio snd_usbmidi_lib snd_hwdep snd_ump snd_rawmidi uas snd_seq_device usb_storage mc snd_pcm sd_mod scsi_dh_emc snd_timer scsi_dh_rdac scsi_dh_alua snd hid_generic sg soundcore scsi_mod usbhid scsi_common acpi_ipmi ipmi_ssif ipmi_devintf tiny_power_button igb arm_spe_pmu ipmi_msghandler button arm_cmn acpiphp_ampere_altra arm_dmc620_pmu arm_dsu_pmu cppc_cpufreq nvme_fabrics fuse nvme_keyring loop efi_pstore dm_mod nfnetlink dmi_sysfs ip_tables x_tables aes_ce_blk aes_ce_cipher
> [ 53.321224] [ T2422] crct10dif_ce xhci_pci xhci_pci_renesas polyval_ce polyval_generic ghash_ce gf128mul xhci_hcd sm4 sha2_ce nvme sha256_arm64 usbcore sha1_ce nvme_core sbsa_gwdt ast nvme_auth i2c_algo_bit usb_common xgene_hwmon gpio_dwapb btrfs blake2b_generic libcrc32c xor xor_neon raid6_pq i2c_dev efivarfs
> [ 53.321279] [ T2422] CPU: 42 UID: 0 PID: 2422 Comm: fwupd Tainted: G I 6.11.8-1-default #1 openSUSE Tumbleweed 1400000003000000474e5500ae3eced04b985462
> [ 53.321290] [ T2422] Tainted: [I]=FIRMWARE_WORKAROUND
> [ 53.321293] [ T2422] Hardware name: Adlink Ampere Altra Developer Platform/COM-HPC-Carrier, BIOS TianoCore 24.12.02-01 (SYS: 2.10.20230517) 12/02/2024
> [ 53.321296] [ T2422] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
> [ 53.321303] [ T2422] pc : __efi_queue_work+0xe4/0x120
> [ 53.321308] [ T2422] lr : __efi_queue_work+0xd0/0x120
> [ 53.321312] [ T2422] sp : ffff80008583b940
> [ 53.321315] [ T2422] x29: ffff80008583b940 x28: ffff07ff8bcc4500 x27: 0000000000000000
> [ 53.321324] [ T2422] x26: 0000000000001208 x25: ffff07ff94859c00 x24: 0000000000000067
> [ 53.321332] [ T2422] x23: ffff07ff94859800 x22: ffff07ff94859c00 x21: 0000000000001202
> [ 53.321339] [ T2422] x20: ffffaa255f9655a8 x19: ffffaa255f965548 x18: 0000000000000001
> [ 53.321345] [ T2422] x17: ffff07ff90946340 x16: ffffaa255d6b3198 x15: 000000000000037d
> [ 53.321352] [ T2422] x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000800
> [ 53.321359] [ T2422] x11: 071c71c71c71c71c x10: 0000000000001bc0 x9 : ffffaa255da39d18
> [ 53.321366] [ T2422] x8 : ffff07ff8bcc6120 x7 : 0000000000000000 x6 : 00000000000003e8
> [ 53.321372] [ T2422] x5 : 00000000410fd0c0 x4 : 0000000000300001 x3 : 0000000000000000
> [ 53.321379] [ T2422] x2 : 0000000000000000 x1 : 8000000000000015 x0 : 8000000000000015
> [ 53.321385] [ T2422] Call trace:
> [ 53.321388] [ T2422] __efi_queue_work+0xe4/0x120
> [ 53.321392] [ T2422] virt_efi_set_variable+0x74/0xe0
> [ 53.321398] [ T2422] efivar_set_variable_locked+0x7c/0x100
> [ 53.321402] [ T2422] efivar_entry_set_get_size+0x9c/0x170 [efivarfs 1400000003000000474e55008e4f4f0ee8473f7a]
> [ 53.321414] [ T2422] efivarfs_file_write+0x140/0x2e0 [efivarfs 1400000003000000474e55008e4f4f0ee8473f7a]
> [ 53.321421] [ T2422] vfs_write+0xdc/0x370
> [ 53.321427] [ T2422] ksys_write+0x78/0x120
> [ 53.321431] [ T2422] __arm64_sys_write+0x24/0x40
> [ 53.321435] [ T2422] invoke_syscall+0x6c/0x100
> [ 53.321443] [ T2422] el0_svc_common.constprop.0+0xc8/0xf0
> [ 53.321450] [ T2422] do_el0_svc+0x24/0x38
> [ 53.321457] [ T2422] el0_svc+0x3c/0x170
> [ 53.321464] [ T2422] el0t_64_sync_handler+0x120/0x130
> [ 53.321470] [ T2422] el0t_64_sync+0x1a8/0x1b0
> [ 53.321475] [ T2422] ---[ end trace 0000000000000000 ]---
> [ 53.321489] [ T2422] efi: EFI Runtime Services are disabled!
>
>
> I have no idea how to go about debugging why the SetVariable call is
> causing the crash. Is it likely to be the way I've got dbxDefault set
> up, or does anyone know how I could debug it further?

Since this seems to be a dev board, don't you have the symbols for your firmware? :)

--
Pedro

View/Reply Online (#120856): https://edk2.groups.io/g/devel/message/120856