[PATCH v8 4/4] efi_vars: Implement SPI Flash store

Heinrich Schuchardt xypron.glpk at gmx.de
Mon Feb 16 12:39:05 CET 2026 

Am 16. Februar 2026 08:24:19 MEZ schrieb Michal Simek <michal.simek at amd.com>:
>
>
>On 2/15/26 09:48, Heinrich Schuchardt wrote:
>> On 2/11/26 16:56, Michal Simek wrote:
>>> From: Shantur Rathore <i at shantur.com>
>>> 
>>> Currently U-Boot uses ESP as storage for EFI variables.
>>> Devices with SPI Flash are used for storing environment with this
>>> commit we allow EFI variables to be stored on SPI Flash.
>>> 
>>> https://github.com/rhboot/efivar
>>> is not updated to support this location that's why you can mimic it by
>>> running:
>>> dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c \
>>>     of=/tmp/vars skip=4 bs=1
>>> flashcp /tmp/vars /dev/mtdX
>>> 
>>> where mtdX should match location defined by
>>> CONFIG_EFI_VARIABLE_SF_OFFSET/CONFIG_EFI_VAR_BUF_SIZE.
>>> 
>>> Signed-off-by: Shantur Rathore <i at shantur.com>
>>> Signed-off-by: Michal Simek <michal.simek at amd.com>
>>> Tested-by: Neil Armstrong <neil.armstrong at linaro.org> # on AML-S905D3-CC
>>> Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
>>> 
>>> ---
>>> 
>>> Changes in v8:
>>> - Add missing EFI_VARIABLE_SF_STORE dependency to EFI_VARIABLE_SF_DEVICE_INDEX
>>> 
>>> Changes in v7:
>>> - sed -i 's/efi_var_from/efi_var_from_storage/g'
>>> 
>>> Changes in v6:
>>> - sed -i 's/efi_var_read/efi_var_from/g'
>>> - sed -i 's/efi_var_write/efi_var_to_storage/g'
>>> 
>>> Changes in v4:
>>> - Extend Kconfig description
>>> - Extend commit message and describe efivar missing part
>>> - use unify methods for reading/writing variable
>>> 
>>> Changes in v3:
>>> - Fixed compiler warnings.
>>> 
>>> Changes in v2:
>>> - Refactored efi_var_file to move common parts out as requested
>>> - Changed ifdefs to use CONFIG_IS_DEFINED
>>> - Fixed typos
>>> 
>>>   lib/efi_loader/Kconfig      | 35 +++++++++++++-
>>>   lib/efi_loader/Makefile     |  1 +
>>>   lib/efi_loader/efi_var_sf.c | 92 +++++++++++++++++++++++++++++++++++++
>>>   3 files changed, 127 insertions(+), 1 deletion(-)
>>>   create mode 100644 lib/efi_loader/efi_var_sf.c
>>> 
>>> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
>>> index 579eed658801..0f6f927ddaf1 100644
>>> --- a/lib/efi_loader/Kconfig
>>> +++ b/lib/efi_loader/Kconfig
>>> @@ -124,6 +124,24 @@ config EFI_VARIABLE_FILE_STORE
>>>         Select this option if you want non-volatile UEFI variables to be
>>>         stored as file /ubootefi.var on the EFI system partition.
>>> +config EFI_VARIABLE_SF_STORE
>>> +    bool "Store non-volatile UEFI variables in SPI Flash"
>>> +    depends on SPI_FLASH
>>> +    help
>>> +      Select this option if you want non-volatile UEFI variables to be
>>> +      stored in SPI Flash.
>>> +
>>> +      Define CONFIG_EFI_VARIABLE_SF_OFFSET as offset in SPI Flash to use as
>>> +      the storage for variables. CONFIG_EFI_VAR_BUF_SIZE defines the space
>>> +      needed.
>>> +
>>> +      Note that SPI Flash devices have a limited number of program/erase
>>> +      cycles. Frequent updates to UEFI variables may cause excessive wear
>>> +      and can permanently damage the flash device, particularly on SPI NAND
>>> +      or low-end SPI NOR parts without wear leveling. This option should be
>>> +      used with care on such systems, and is not recommended for platforms
>>> +      where UEFI variables are updated frequently.
>>> +
>>>   config EFI_MM_COMM_TEE
>>>       bool "UEFI variables storage service via the trusted world"
>>>       depends on OPTEE
>>> @@ -153,7 +171,7 @@ endchoice
>>>   config EFI_RT_VOLATILE_STORE
>>>       bool "Allow variable runtime services in volatile storage (e.g RAM)"
>>> -    depends on EFI_VARIABLE_FILE_STORE
>>> +    depends on EFI_VARIABLE_FILE_STORE || EFI_VARIABLE_SF_STORE
>> 
>> Hello Michal,
>> 
>> If the backend store is SPI flash, we should not publish the variable "RTStorageVolatile" at runtime as currently defined.
>> 
>> For the background see this commit for the efivar library:
>> 
>> https://github.com/rhboot/efivar/commit/68daa04654acbe1bbaa17ebfc23c371b39e69c6b
>> 
>> The first three patches look correct to me and I will add them to a merge request for efi-next.
>
>Do I read it that when I don't allow to select EFI_RT_VOLATILE_STORE you will be fine with the patch itself?

This was my only concern.

Maybe setting the file name to /dev/mtd/by-name/<partition name> would work with efivar. But I have not tested it.

In U-Boot we could replace EFI_VARIABLE_SF_DEVICE_INDEX, SIZE, and OFFSET by a partition name, too. That way it would be the common device-tree for U-Boot and Linux controlling the placement of the variables store.

>
>
>> The usage of efi_var_mem_ins() and efi_var_mem_del() when SetVariable() does not change anything is not flash-friendly. Michal, do you want to have a look at this area?
>
>That's known limitation describe in EFI_VARIABLE_SF_STORE Kconfig Note.

This could be a topic for future work. 

Best regards

Heinrich

More information about the U-Boot mailing list