From: Val Packett
To: Kees Cook, Tony Luck, "Guilherme G. Piccoli", Ard Biesheuvel
Cc: Val Packett, linux-hardening@vger.kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] efi: pstore: Support late setup with TEE-backed efivars ops
Date: Wed, 3 Dec 2025 01:28:29 -0300
Message-ID: <20251203042850.14210-1-val@packett.cool>

On some platforms, EFI variable services only become available when an
appropriate TEE driver is initialized such as qseecom, gsmi or stmm.

This would work fine when efi_pstore was built as a module and loaded
late by userspace, but with CONFIG_EFI_VARS_PSTORE=y this driver would
quit due to non-writable efivars before the necessary driver had any
chance to load.

Listen to efivar_ops_nh notifications and retry the initialization when
writable EFI variable ops become available.

Signed-off-by: Val Packett
Acked-by: Kees Cook
---
 drivers/firmware/efi/efi-pstore.c | 32 +++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/drivers/firmware/efi/efi-pstore.c b/drivers/firmware/efi/efi-p= store.c index a253b6144945..ad5192d5892e 100644 --- a/drivers/firmware/efi/efi-pstore.c +++ b/drivers/firmware/efi/efi-pstore.c @@ -253,14 +253,11 @@ static struct pstore_info efi_pstore_info =3D { .erase =3D efi_pstore_erase, }; =20 -static int efivars_pstore_init(void) +static int efivars_pstore_setup(void) { if (!efivar_supports_writes()) return 0; =20 - if (pstore_disable) - return 0; - /* * Notice that 1024 is the minimum here to prevent issues with * decompression algorithms that were spotted during tests; @@ -285,8 +282,35 @@ static int efivars_pstore_init(void) return 0; } =20 +static int efivars_pstore_ops_notifier(struct notifier_block *nb, + unsigned long event, void *data) +{ + if (event =3D=3D EFIVAR_OPS_RDWR && !efi_pstore_info.bufsize) + efivars_pstore_setup(); + + return NOTIFY_OK; +} + +static struct notifier_block efivars_pstore_ops_notifier_block =3D { + .notifier_call =3D efivars_pstore_ops_notifier, +}; + +static int efivars_pstore_init(void) +{ + if (pstore_disable) + return 0; + + blocking_notifier_chain_register(&efivar_ops_nh, + &efivars_pstore_ops_notifier_block); + + return efivars_pstore_setup(); +} + static void efivars_pstore_exit(void) { + blocking_notifier_chain_unregister(&efivar_ops_nh, + &efivars_pstore_ops_notifier_block); + if (!efi_pstore_info.bufsize) return; =20 --=20 2.51.0
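
Review bot: in the first hunk (@@ -253,14 +253,11), efivars_pstore_setup() now has two callers, but nothing documents that the early "if (!efivar_supports_writes()) return 0;" at its top is the deferred case the notifier later retries. A short comment above the function stating that a 0 return with efi_pstore_info.bufsize still unset means setup has not happened yet, and that pstore_disable is checked only in efivars_pstore_init(), would keep a future caller from reaching setup while pstore is disabled.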
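
Review bot: in the second hunk (@@ -285,8 +282,35), efivars_pstore_init() registers the notifier block before "return efivars_pstore_setup();", so if setup returns an error the init fails with efivars_pstore_ops_notifier_block still linked on efivar_ops_nh; unregister it on that error path. In the same hunk, efivars_pstore_ops_notifier() discards the int returned by efivars_pstore_setup(), so a failed late setup is silent and a pr_warn there would help. Also, efivars_pstore_exit() calls blocking_notifier_chain_unregister() unconditionally although init skips registration when pstore_disable is set; guard the call or add a comment saying the unmatched unregister is intentional.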