[U-Boot] efi_loader: implementing non-volatile UEFI variables

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Ilias Apalodimas <ilias.apalodimas@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] efi_loader: implementing non-volatile UEFI variables
Date: Tue, 25 Jun 2019 12:11:40 +0300	[thread overview]
Message-ID: <20190625091140.GA19606@apalos> (raw)
In-Reply-To: <20190624102331.5B119240085@gemini.denx.de>

Dear Wolfgang,
> > 
> > thanks a lot for the good online meeting this morning together with your
> > colleague Suggan where we discussed the requirements for the
> > implementation of non-volatile variables in U-Boot.
> > 
> > Currently UEFI variables are stored in U-Boot variables. Saving the
> > U-Boot variables will persist all UEFI variables in the environment both
> > volatile and non-volatile. This does not conform the the UEFI standard.
> 
> Is this the only problem of using the environment as storage?
> 
No it's not. For UEFI secure variables you need authentication, signature checks
amongst other things. 
> > To provide a secure storage Linaro is considering to implement an OP-TEE
> > module for variable storage and as alternative to this OP-TEE module a
> > standalone MM service which will be a BL32 ATF module.
> > 
> > So in future we will have possibly three alternative drivers for UEFI
> > variables:
> > 
> > - U-Boot only implementation
> >   (what is now in lib/efi_loader/efi_variable.c)
> > - OP-TEE module
> > - standalone MM service
> > 
> > And maybe a fourth dummy one implementing no variable service at all.
> 
> Is this really a good idea?
> 
> 
> If the volatile / non-volatile behaviour is the onlyh problem you
> see with using environment variables, would it then not make much
> more sense to extend the environment flags concept by adding a
> "volatile" flag, with the meaing that such variables don;t get
> written by "env save"?
Yes but the volatile/non-volatile is the least of our problems

> 
> This would also make sense in some other places - for example, the
> "filesize" variable is a perfect candidate to be flagged as
> "volatile".  There is absolutely no use in saving it persistently.
> 
> 
> So such an extension would be useful for others, too, and might
> eventually avoid so many different implementations for the same
> task?  Also, the implementation should be straightforward...
You need Secure variables. That implies they should live in Non-Secure world nor
you should store them is some NOr//NAND flash that you can manipulate under
linux with fw_setenv.


I personally think storing UEFI and U-Boot env variables in the *same* storage
partition a bad idea. I also considering mixing apples and oranges. They are two
completely different things. The fact that it was easy to use existing U-Boot
primitives to make that happen does not make the approach correct. It just makes
it easier.

Rergards
/Ilias

next prev parent reply	other threads:[~2019-06-25  9:11 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-20  8:06 [U-Boot] efi_loader: implementing non-volatile UEFI variables Heinrich Schuchardt
2019-06-20  8:30 ` Ilias Apalodimas
2019-06-24 10:23 ` Wolfgang Denk
2019-06-24 17:57   ` Heinrich Schuchardt
2019-06-24 18:50     ` Wolfgang Denk
2019-06-24 19:10       ` Heinrich Schuchardt
2019-06-25  1:10         ` AKASHI Takahiro
2019-06-25  4:41           ` Heinrich Schuchardt
2019-06-25  6:33           ` Wolfgang Denk
2019-06-25  7:59             ` AKASHI Takahiro
2019-06-25  9:11               ` Wolfgang Denk
2019-06-26  5:26                 ` AKASHI Takahiro
2019-06-26  9:18                   ` Wolfgang Denk
2019-06-25  5:56         ` Wolfgang Denk
2019-06-25  9:11   ` Ilias Apalodimas [this message]
2019-06-25  9:27     ` Wolfgang Denk
2019-06-26  7:37       ` Ilias Apalodimas
2019-06-26  9:44         ` Wolfgang Denk
2019-06-27  5:15           ` AKASHI Takahiro
2019-06-27  7:08             ` Ilias Apalodimas
2019-06-28  7:34               ` Wolfgang Denk
2019-06-28  7:26             ` Wolfgang Denk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190625091140.GA19606@apalos \
    --to=ilias.apalodimas@linaro.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox