[RFC,0/2] efi: get rid of deprecated sysfs varstore interface

Message ID	20220616124740.580708-1-ardb@kernel.org
Headers	show Return-Path: <linux-efi-owner@kernel.org> From: Ard Biesheuvel <ardb@kernel.org> To: linux-efi@vger.kernel.org Cc: Ard Biesheuvel <ardb@kernel.org>, Matthew Garrett <mjg59@srcf.ucam.org>, Peter Jones <pjones@redhat.com>, Tony Luck <tony.luck@intel.com>, Kees Cook <keescook@chromium.org>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, linux-kselftest@vger.kernel.org Subject: [RFC PATCH 0/2] efi: get rid of deprecated sysfs varstore interface Date: Thu, 16 Jun 2022 14:47:38 +0200 Message-Id: <20220616124740.580708-1-ardb@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	efi: get rid of deprecated sysfs varstore interface \| expand [RFC,0/2] efi: get rid of deprecated sysfs varstore interface [RFC,1/2] selftests/kexec: remove broken EFI_VARS secure boot fallback check [RFC,2/2] efi: remove deprecated 'efivars' sysfs interface

Message ID

20220616124740.580708-1-ardb@kernel.org

Headers

From: Ard Biesheuvel <ardb@kernel.org>
To: linux-efi@vger.kernel.org
Cc: Ard Biesheuvel <ardb@kernel.org>,
        Matthew Garrett <mjg59@srcf.ucam.org>,
        Peter Jones <pjones@redhat.com>,
        Tony Luck <tony.luck@intel.com>,
        Kees Cook <keescook@chromium.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        linux-kselftest@vger.kernel.org
Subject: [RFC PATCH 0/2] efi: get rid of deprecated sysfs varstore interface
Date: Thu, 16 Jun 2022 14:47:38 +0200
Message-Id: <20220616124740.580708-1-ardb@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

efi: get rid of deprecated sysfs varstore interface | expand

Message

Ard Biesheuvel June 16, 2022, 12:47 p.m. UTC

EFI still has two ways of exposing EFI variable to user space: the
original sysfs interface and the efivarfs pseudo-filesystem that
supersedes it, and which was introduced almost 10 years ago.

As a preparatory step towards refactoring the underlying infrastructure
shared between efivarfs and efi-pstore, I would like to finally get rid
of the sysfs interface which also uses that, but which is only enabled
on x86 and Itanium.

Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Peter Jones <pjones@redhat.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-kselftest@vger.kernel.org

Ard Biesheuvel (2):
  selftests/kexec: remove broken EFI_VARS secure boot fallback check
  efi: remove deprecated 'efivars' sysfs interface

 Documentation/x86/x86_64/uefi.rst                 |   2 +-
 arch/arm/configs/milbeaut_m10v_defconfig          |   1 -
 arch/ia64/configs/bigsur_defconfig                |   1 -
 arch/ia64/configs/generic_defconfig               |   1 -
 arch/ia64/configs/gensparse_defconfig             |   1 -
 arch/ia64/configs/tiger_defconfig                 |   1 -
 arch/ia64/configs/zx1_defconfig                   |   1 -
 arch/x86/configs/i386_defconfig                   |   1 -
 arch/x86/configs/x86_64_defconfig                 |   1 -
 drivers/firmware/efi/Kconfig                      |  12 -
 drivers/firmware/efi/Makefile                     |   1 -
 drivers/firmware/efi/efivars.c                    | 671 --------------------
 tools/testing/selftests/kexec/kexec_common_lib.sh |  36 +-
 13 files changed, 3 insertions(+), 727 deletions(-)
 delete mode 100644 drivers/firmware/efi/efivars.c

Comments

Mimi Zohar June 16, 2022, 6:08 p.m. UTC | #1

On Thu, 2022-06-16 at 14:47 +0200, Ard Biesheuvel wrote:
> Commit b433a52aa28733e0 ("selftests/kexec: update get_secureboot_mode")
> refactored the code that discovers the EFI secure boot mode so it only
> depends on either the efivars pseudo filesystem or the efivars sysfs
> interface, but never both.
> 
> However, the latter version was not implemented correctly, given the
> fact that the local 'efi_vars' variable never assumes a value. This
> means the fallback has been dead code ever since it was introduced.
> 
> So let's drop the fallback altogether. The sysfs interface has been
> deprecated for ~10 years now, and is only enabled on x86 to begin with,
> so it is time to get rid of it entirely.
> 
> Cc: Shuah Khan <shuah@kernel.org>
> Cc: Mimi Zohar <zohar@linux.ibm.com>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

Thanks, Ard.

Reviewed-by:  Mimi Zohar <zohar@linux.ibm.com>

Ard Biesheuvel June 24, 2022, 8:20 a.m. UTC | #2

On Fri, 17 Jun 2022 at 05:51, Mimi Zohar <zohar@linux.ibm.com> wrote:
>
> On Thu, 2022-06-16 at 14:47 +0200, Ard Biesheuvel wrote:
> > Commit b433a52aa28733e0 ("selftests/kexec: update get_secureboot_mode")
> > refactored the code that discovers the EFI secure boot mode so it only
> > depends on either the efivars pseudo filesystem or the efivars sysfs
> > interface, but never both.
> >
> > However, the latter version was not implemented correctly, given the
> > fact that the local 'efi_vars' variable never assumes a value. This
> > means the fallback has been dead code ever since it was introduced.
> >
> > So let's drop the fallback altogether. The sysfs interface has been
> > deprecated for ~10 years now, and is only enabled on x86 to begin with,
> > so it is time to get rid of it entirely.
> >
> > Cc: Shuah Khan <shuah@kernel.org>
> > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
>
> Thanks, Ard.
>
> Reviewed-by:  Mimi Zohar <zohar@linux.ibm.com>
>

Thanks Mimi, I've queued this up in efi/next.