Bug 215277

Summary: Enabling EFI runtime services causes panics in the T2 security chip on Macs equipped with it
Product: EFI
Reporter: gargaditya08
Component: Services
Assignee: EFI Virtual User (efi)
Status: RESOLVED CODE_FIX
Severity: high
CC: gargaditya08, orlandoch.dev
Priority: P1
Hardware: x86-64
OS: Linux
Kernel Version: 5.15.7
Subsystem:
Regression: No
Bisected commit-id:
Attachments: Proposed patch by Ard Biesheuvel fixes the issue

Description gargaditya08 2021-12-09 05:48:29 UTC
On enabling EFI runtime services on Macs with the T2 security chip, the kernel fails to boot due to panics in the T2 security chip. Using efi=noruntime (or noefi) as a kernel parameter seems to fix the issue. Also, making NVRAM read-only makes kernels boot.

Comment 1 gargaditya08 2022-01-12 10:59:08 UTC
Created attachment 300256
Proposed patch by Ard Biesheuvel fixes the issue