From 60b2a9a7203b189a9457fdf87e922f62757add22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Mon, 1 Sep 2025 17:38:28 +0200 Subject: [PATCH 1/2] vc/dasharo/options.h: Expose descriptor writeability flag as EFI var MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tested by booting into Ubuntu 24.04 on a NovaCustom V540TU and checking the state of the DescriptorWriteable EFI variable via efivarfs. Upstream-Status: Inappropriate [Dasharo downstream] Change-Id: Ife03e252f41a58af269f44c8e99e9c627c51c79d Signed-off-by: Michał Kopeć --- src/vendorcode/dasharo/options.c | 70 +++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/src/vendorcode/dasharo/options.c b/src/vendorcode/dasharo/options.c index 5af65f98882..ee0228a55a8 100644 --- a/src/vendorcode/dasharo/options.c +++ b/src/vendorcode/dasharo/options.c @@ -1,8 +1,11 @@ /* SPDX-License-Identifier: GPL-2.0-only */ +#include #include #include +#include #include +#include #include #include #include @@ -285,7 +288,7 @@ uint8_t cse_get_me_disable_mode(void) enum dgpu_state dasharo_dgpu_state(void) { uint8_t dgpu_state = NVIDIA_OPTIMUS; - /* + /* * 0 - IGPU_ONLY * 1 - NVIDIA_OPTIMUS (iGPU+dGPU) * 2 - DGPU_ONLY @@ -540,3 +543,68 @@ bool get_ibecc_option(bool ibecc_default) return ibecc_en; } + +/* Flash Master 1 : HOST/BIOS */ +#define FLMSTR1 0x80 + +/* Flash signature Offset */ +#define FLASH_SIGN_OFFSET 0x10 +#define FLMSTR_WR_SHIFT_V2 20 +#define FLASH_VAL_SIGN 0xFF0A55A + +#define SI_DESC_REGION "SI_DESC" +/* From MTL it is larger, but we still just need the first 4K */ +#define SI_DESC_SIZE 0x1000 + +/* It checks whether host (Flash Master 1) has write access to the Descriptor Region or not */ +static bool is_descriptor_writeable(uint8_t *desc) +{ + /* Check flash has valid signature */ + if (read32((void *)(desc + FLASH_SIGN_OFFSET)) != FLASH_VAL_SIGN) { + printk(BIOS_ERR, "Flash Descriptor is not valid\n"); + return 0; + } + /* Check host has write access to the Descriptor Region */ + if (!((read32((void *)(desc + FLMSTR1)) >> FLMSTR_WR_SHIFT_V2) & BIT(0))) + return 0; + + return 1; +} + +/* + * This function sets an EFI variable to signal to EDK2 whether the descriptor + * is locked, which affects the visibility and functionality of certain features + */ +static void set_descriptor_lockdown_option(void *unused) +{ + uint8_t si_desc_buf[SI_DESC_SIZE]; + struct region_device desc_rdev, smmstore_rdev; + uint8_t descriptor_writeable; + + if (!CONFIG(INTEL_DESCRIPTOR_MODE_CAPABLE) || !CONFIG(SMMSTORE)) + return; + + if (smmstore_lookup_region(&smmstore_rdev)) + return; + + if (fmap_locate_area_as_rdev_rw(SI_DESC_REGION, &desc_rdev) < 0) { + printk(BIOS_ERR, "Failed to locate %s in the FMAP\n", SI_DESC_REGION); + return; + } + + if (rdev_readat(&desc_rdev, si_desc_buf, 0, SI_DESC_SIZE) != SI_DESC_SIZE) { + printk(BIOS_ERR, "Failed to read Descriptor Region from SPI Flash\n"); + return; + } + + descriptor_writeable = is_descriptor_writeable(si_desc_buf); + + printk(BIOS_DEBUG, "Descriptor is %swriteable\n", descriptor_writeable ? "" : "not "); + + efi_fv_set_option(&smmstore_rdev, + &dasharo_system_features_guid, + "DescriptorWriteable", + &descriptor_writeable, + sizeof(descriptor_writeable)); +} +BOOT_STATE_INIT_ENTRY(BS_POST_DEVICE, BS_ON_ENTRY, set_descriptor_lockdown_option, NULL); From e1c904d8de707c229eb1e2af853695161c6d74f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Tue, 2 Sep 2025 11:52:58 +0200 Subject: [PATCH 2/2] vc/dasharo/options.c: Don't enable HMRFPO on capsule update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't issue HMRFPO if Capsule Update is enabled, as HMRFPO causes a global reset which corrupts capsules. Upstream-Status: Inappropriate [Dasharo downstream] Change-Id: I2dc0384360c1028d547c572f47f8a767abc61fe2 Signed-off-by: Michał Kopeć --- src/vendorcode/dasharo/options.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/vendorcode/dasharo/options.c b/src/vendorcode/dasharo/options.c index ee0228a55a8..872e3e237b7 100644 --- a/src/vendorcode/dasharo/options.c +++ b/src/vendorcode/dasharo/options.c @@ -273,8 +273,12 @@ uint8_t cse_get_me_disable_mode(void) read_u8_var("MeMode", &var); } - /* Disable ME via HMRPFO if in Firmware Update Mode */ - if (CONFIG(DASHARO_FIRMWARE_UPDATE_MODE) && fum) { + /* + * Disable ME via HMRPFO if in Firmware Update Mode + * Don't do it if capsules are supported, as capsule updates are not + * currently compatible with HMRFPO + */ + if (CONFIG(DASHARO_FIRMWARE_UPDATE_MODE) && fum && !(CONFIG(DRIVERS_EFI_UPDATE_CAPSULES))) { /* Check if already in HMRFPO mode */ if (cse_is_hfs1_com_secover_mei_msg()) return ME_MODE_DISABLE_HMRFPO;