efi: Set Variable Runtime implementation

Mon Nov 27 08:16:16 CET 2023

Hi Shantur

On Sun, 26 Nov 2023 at 12:33, Shantur Rathore <i at shantur.com> wrote:
>
> Hi Peter,
>
> On Sat, Nov 25, 2023 at 6:19 AM Peter Robinson <pbrobinson at gmail.com> wrote:
> >
> > Hi Shantur,
> >
> > On Fri, Nov 24, 2023 at 11:55 PM Shantur Rathore <i at shantur.com> wrote:
> > >
> > > Hi Ilias,
> > >
> > > On Fri, Nov 24, 2023 at 10:50 PM Ilias Apalodimas
> > > <ilias.apalodimas at linaro.org> wrote:
> > > >
> > > > Hi Shantur
> > > >
> > > > On Fri, 24 Nov 2023 at 18:51, Shantur Rathore <i at shantur.com> wrote:
> > > > >
> > > > > Hi Heinrich,
> > > > >
> > > > > I am trying to work out how to enable the SetVariableRT service in
> > > > > U-Boot and came across your patch [1] which initially had the
> > > > > SetVariable RT service enabled in EFI but in the final patch this was
> > > > > removed.
> > > > > I am hoping to implement it on top of the SPI Flash EFI store [2] to
> > > > > be able to set Boot order and boot items from Linux the UEFI way.
> > > > >
> > > > > Can I pick your brain on why it was dropped in the patch?
> > > > > Is there any limitation in SetVariableRT service ?
> > > >
> > > > I recently had a talk about it in Plumbers [0]. Generally speaking, RT
> > > > + hardware owned by the kernel is a very weird combination since you
> > > > can't guarantee exclusive access to the flash or the bus and you have
> > > > to preserve a *lot* of code alive in u-boot.
> > > >
> > > > I'll respond to your v1 patchset and we can discuss details there as well.
> > > >
> > > > [0] https://lpc.events/event/17/contributions/1653/
> > >
> > > Thanks for the background and helping me understand the problem.
> > > Makes me wonder how things work in the PC world.
> > > U-boot being only ~1MB, can we not leave it all in memory and maybe
> > > just disable SPI access to Linux.

That would work, but you cant guarantee Linux wont enable the SPI flash.

> >
> > That's basically it, on x86 there's specific HW that's owned by
> > firmware, I don't know the exact low level details of how that works.
> >
> > I think x86 devices generally use eSPI for this HW [1] but I don't
> > know the low level details. The Arm SBSA (Server HW spec) and SBBR
> > (Server Base Boot Requirements) specs that are key to ServerReady may
> > go into some details too if you're curious.

On X86 the SPI flash is handled entirely by the firmware and SMM. You
can find more details here [0]

>
> Thanks,
> I think the firmware is still accessible to PCs as one could update the firmware
> in Windows so Windows has access to that device.
>
> I had some try myself and found that setting a variable to memory backed storage
> is doable with SetVariable call but we want to store it in any
> non-volatile storage
> things really don't look good.
>
> To be able to write SetVariable to any device, the whole u-boot driver
> model would need
> to be kept in memory, might as well just keep the whole u-boot in
> memory at this point, it's anyway small.
> I don't have much knowledge on how to or pros and cons of doing this.

The major problem here is who owns the hardware. With the SPI flash
implementation as well as the RPMB implementation Linux owns that
flash.
For the RPMB we've introduced a mechanism so the kernel replaces the
runtime calls with internal functions [1].  I think we should come up
with a similar architecture for SPI. In any case we should keep in
mind that setting authenticated EFI variables should be forbidden on
the file/SPI backends since they are not really secure.

>
> >
> > BTW I plan to test your other patches on the Pinebook Pro.
> >
> > [1] https://www.totalphase.com/blog/2021/09/what-is-the-espi-protocol-and-how-does-it-improve-upon-lpc/
>
> Thanks, that would be helpful.
> I am particularly keen on the usb patch here
> https://patchwork.ozlabs.org/project/uboot/patch/20231110141311.512334-1-i@shantur.com/
>
> Kind regards,
> Shantur

Regards
/Ilias
[0] https://www.intel.com/content/www/us/en/content-details/671120/a-tour-beyond-bios-uefi-authenticated-variables-in-smm-with-edk-ii.html?wapkw=vincent%20zimmer
[1] https://lore.kernel.org/linux-efi/20231107054057.1893-2-masahisa.kojima@linaro.org/