[U-Boot] efi_loader: implementing non-volatile UEFI variables

Wolfgang Denk wd at denx.de
Fri Jun 28 07:34:32 UTC 2019

Dear Ilias,

In message <20190627070821.GA10271 at apalos> you wrote:
> > > > > There have been thoughts about using signed environment storage
> > > > > before.  This is manageable as long as your environment is read-only.
> > > > > But for writing ("env save") you need access to the private key to
> > > > > sign the new data.  Do you have a good solution for this?
> > 
> I think you are are trying to suggest a common way for U-Boot to
> support that, we are not.

Well, if there is a chance to use a common code base, then such an
approach is always preferrable over using multiple separate
implementations for the same thing.

But it's not up to me to decide if you really can or want to
utilize the exiting environment code.  You decide.

But then please make up your mind:

_Either_ use the environment code - if so, then please in a way that
is ideally useful to others, too, or at least does not hurt others
(for example in terms of code size or complexity /maintainability).
_Or_ use your own, UEFI specific implementation - but then please
don;t meddle with the environment code - instead, leave this
unchanged. Feel free to use it as is where it fits your need, or
write new, UEFI specific code otherwise.

I don't want to see patches that are meddling with the environment
code for purposes that have nothing to do with the environment
handling in U-Boot.

> The plan for us was to split UEFI and U-Boot variables and let StMM
> deal will *all* UEFI variables (since that's what the application
> does). As Takahiro nicely explained the vast majority of UEFI variables are not
> Authenticated variables.

That's perfectly fine with me.  But please keep the code base clean.
Either use common tools for storage (existing environment code), or
use something else (completely new UEFI specific code).


Best regards,

Wolfgang Denk

DENX Software Engineering GmbH,      Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
You cannot propel yourself forward by patting yourself on the back.

More information about the U-Boot mailing list