Re: [PATCH] firmware: export x86_64 platform flash bios region via sysfs

From: Richard Hughes
Date: Thu Nov 11 2021 - 06:46:57 EST


On Thu, 11 Nov 2021 at 10:33, Mika Westerberg
<mika.westerberg@xxxxxxxxxxxxxxx> wrote:
> OK, I see from your patch that it uses the direct mapped read-only
> region to read this data.

Sorry for the delay in replying here. What I like about Hans-Gert's
patch is that it's always going to work on x64 -- if the system
firmware isn't available at that offset then the platform just isn't
going to boot. It's super simple, and means we can read out the hugely
complex UEFI blob without asking the user to turn off kernel lockdown
and secure boot so we can run the security verification tools. At the
moment we're in this strange situation where we ask the user to
cripple their platform security to run the platform security tools.

> Do we know what information exactly fwupd needs? I mean exposing all of
> this might not be good idea from security perspective (but I'm not an
> expert).

Ideally, fwupd needs the entire IFD partition which contains all the
EFI File Volumes. We already parse these when the user is booting
without secure boot using the Intel SPI controller and doing *evil*
hacks to make the PCI device visible. The reason we want to parse the
BIOS can be explained pretty easily; at startup we look at the TPM
PCRs and we know very quickly and easily if the system firmware event
has changed. If the checksum changed, then the firmware was modified
in some way. However, saying to the user that "checksum changed" isn't
useful at all. What we want to do is say something like "an EFI binary
called RootKitz.efi was added" or "the AmiTcgPlatformPeiAfterMem.efi
binary changed" and actually report what was done. At the moment we
can do this, but not if /dev/mem cannot be used.

> However, we can perhaps expose some of it through intel-spi,
> and make that work so that distros can enable it safely.

I think, if we're being honest, that Intel has no plans to make
intel-spi available as a RO interface of any sort. There's some sort
of hardware errata or misdesign that nobody can mention that makes the
RO access unsafe. I think it's probably more than missing arbitration.

Richard