Sai Praneeth Prakhya of Intel has posted a patch to the LUV project list, with new clever new abilities to increase LUV’s ability to detect bad UEFI firmware.
Presently, LUV detects illegal accesses by firmware to EFI_BOOT_SERVICES_* regions only during “SetVirtualAddressMap()”. According to UEFI spec, this function will be called only once; by kernel during boot. Hence, LUV cannot detect any other illegal accesses that firmware might do after boot. Moreover, LUV can detect illegal accesses *only* to EFI_BOOT_SERVICES_CODE/DATA regions. This patch set tries to address the above mentioned two issues:
1. Detect illegal accesses to other EFI regions (like EFI_LOADER_CODE/DATA, EFI_CONVENTIONAL_MEMORY)
2. Detect illegal accesses to these regions even after kernel has booted
Recently, we came across machines with buggy firmware that access EFI memory regions like EFI_CONVENTIONAL_MEMORY, EFI_BOOT_SERVICES_CODE/DATA and EFI_LOADER_CODE/DATA even after kernel has booted. Firmware accesses these regions when some efi_runtime_service() is invoked by test cases like FWTS. These illegal accesses can potentially cause kernel hang. Hence, it’s good to have a test case in LUV which can detect these illegal accesses and hence report them to user. This requires making changes to kernel and searching dmesg for relative warnings. As there are 9 patches to linux kernel to enable this feature and putting all these 9 kernel patches in a single LUV patch makes the LUV patch gigantic; hence I have split them into smaller ones (as suggested by Ricardo). The first patch in this series (“linux-yocto-efi-test: Do not support EFI_BOOT_SERVICES_WARN”) removes support to “EFI_BOOT_SERVICES_WARN” and the later patches add all the bits and pieces together and the 10th patch (“linux-yocto-efi-test: Introduce EFI_WARN_ON_ILLEGAL_ACCESSES”) enables the (new) feature.