Re: [BUG][SEVERE] Enabling EFI runtime services causes panics in the T2 security chip on Macs equipped with it.

From: Aditya Garg
Date: Wed Jan 12 2022 - 01:24:25 EST


Hi Ard
As I said before, if I apply the patch below, the things work well
>
> Can you check whether things work as before after applying the change below?
>
> diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
> index 147c30a81f15..d7203355cc69 100644
> --- a/arch/x86/platform/efi/efi.c
> +++ b/arch/x86/platform/efi/efi.c
> @@ -399,7 +399,7 @@ static int __init efi_systab_init(unsigned long phys)
> efi_nr_tables = systab32->nr_tables;
> }
>
> - efi.runtime_version = hdr->revision;
> + efi.runtime_version = EFI_1_10_SYSTEM_TABLE_REVISION;
>
> efi_systab_report_header(hdr, efi_fw_vendor);
> early_memunmap(p, size);

Now, I tried to quirk on the basis of DMI data for some t2 Macs using this patch :-

diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
index 147c30a81..0d73d7709 100644
--- a/arch/x86/platform/efi/efi.c
+++ b/arch/x86/platform/efi/efi.c
@@ -44,6 +44,7 @@
#include <linux/io.h>
#include <linux/reboot.h>
#include <linux/bcd.h>
+#include <linux/dmi.h>

#include <asm/setup.h>
#include <asm/efi.h>
@@ -339,6 +340,52 @@ void __init efi_print_memmap(void)
}
}

+static const struct dmi_system_id apple_use_old_runtime_version[] = {
+ {
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,1"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,2"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,4"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir8,1"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir8,2"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "iMac20,1"),
+ },
+ },
+ {
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "iMac20,2"),
+ },
+ },
+ { }
+};
+
static int __init efi_systab_init(unsigned long phys)
{
int size = efi_enabled(EFI_64BIT) ? sizeof(efi_system_table_64_t)
@@ -347,6 +394,7 @@ static int __init efi_systab_init(unsigned long phys)
bool over4g = false;
void *p;
int ret;
+ const struct dmi_system_id *dmi_id;

hdr = p = early_memremap_ro(phys, size);
if (p == NULL) {
@@ -398,8 +446,15 @@ static int __init efi_systab_init(unsigned long phys)
efi_config_table = systab32->tables;
efi_nr_tables = systab32->nr_tables;
}
-
- efi.runtime_version = hdr->revision;
+
+ dmi_id = dmi_first_match(apple_use_old_runtime_version);
+ if (dmi_id) {
+ efi.runtime_version = EFI_1_10_SYSTEM_TABLE_REVISION;
+ pr_info("T2 Mac detected. Using runtime service version 1.10\n");
+ }
+ else {
+ efi.runtime_version = hdr->revision;
+ }

efi_systab_report_header(hdr, efi_fw_vendor);
early_memunmap(p, size);
--
2.25.1

But, now the issue doesn't seen to get resolved
Could you help me in this?