[U-Boot] efi_loader: implementing non-volatile UEFI variables

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] efi_loader: implementing non-volatile UEFI variables
Date: Tue, 25 Jun 2019 12:11:40 +0300	[thread overview]
Message-ID: <20190625091140.GA19606@apalos> (raw)
In-Reply-To: <20190624102331.5B119240085@gemini.denx.de>

Dear Wolfgang,
> > 
> > thanks a lot for the good online meeting this morning together with your
> > colleague Suggan where we discussed the requirements for the
> > implementation of non-volatile variables in U-Boot.
> > 
> > Currently UEFI variables are stored in U-Boot variables. Saving the
> > U-Boot variables will persist all UEFI variables in the environment both
> > volatile and non-volatile. This does not conform the the UEFI standard.
> 
> Is this the only problem of using the environment as storage?
> 
No it's not. For UEFI secure variables you need authentication, signature checks
amongst other things. 
> > To provide a secure storage Linaro is considering to implement an OP-TEE
> > module for variable storage and as alternative to this OP-TEE module a
> > standalone MM service which will be a BL32 ATF module.
> > 
> > So in future we will have possibly three alternative drivers for UEFI
> > variables:
> > 
> > - U-Boot only implementation
> >   (what is now in lib/efi_loader/efi_variable.c)
> > - OP-TEE module
> > - standalone MM service
> > 
> > And maybe a fourth dummy one implementing no variable service at all.
> 
> Is this really a good idea?
> 
> 
> If the volatile / non-volatile behaviour is the onlyh problem you
> see with using environment variables, would it then not make much
> more sense to extend the environment flags concept by adding a
> "volatile" flag, with the meaing that such variables don;t get
> written by "env save"?
Yes but the volatile/non-volatile is the least of our problems

> 
> This would also make sense in some other places - for example, the
> "filesize" variable is a perfect candidate to be flagged as
> "volatile".  There is absolutely no use in saving it persistently.
> 
> 
> So such an extension would be useful for others, too, and might
> eventually avoid so many different implementations for the same
> task?  Also, the implementation should be straightforward...
You need Secure variables. That implies they should live in Non-Secure world nor
you should store them is some NOr//NAND flash that you can manipulate under
linux with fw_setenv.


I personally think storing UEFI and U-Boot env variables in the *same* storage
partition a bad idea. I also considering mixing apples and oranges. They are two
completely different things. The fact that it was easy to use existing U-Boot
primitives to make that happen does not make the approach correct. It just makes
it easier.

Rergards
/Ilias

next prev parent reply	other threads:[~2019-06-25  9:11 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-20  8:06 [U-Boot] efi_loader: implementing non-volatile UEFI variables Heinrich Schuchardt
2019-06-20  8:30 ` Ilias Apalodimas
2019-06-24 10:23 ` Wolfgang Denk
2019-06-24 17:57   ` Heinrich Schuchardt
2019-06-24 18:50     ` Wolfgang Denk
2019-06-24 19:10       ` Heinrich Schuchardt
2019-06-25  1:10         ` AKASHI Takahiro
2019-06-25  4:41           ` Heinrich Schuchardt
2019-06-25  6:33           ` Wolfgang Denk
2019-06-25  7:59             ` AKASHI Takahiro
2019-06-25  9:11               ` Wolfgang Denk
2019-06-26  5:26                 ` AKASHI Takahiro
2019-06-26  9:18                   ` Wolfgang Denk
2019-06-25  5:56         ` Wolfgang Denk
2019-06-25  9:11   ` Ilias Apalodimas [this message]
2019-06-25  9:27     ` Wolfgang Denk
2019-06-26  7:37       ` Ilias Apalodimas
2019-06-26  9:44         ` Wolfgang Denk
2019-06-27  5:15           ` AKASHI Takahiro
2019-06-27  7:08             ` Ilias Apalodimas
2019-06-28  7:34               ` Wolfgang Denk
2019-06-28  7:26             ` Wolfgang Denk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190625091140.GA19606@apalos \
    --to=ilias.apalodimas@linaro.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.