[PATCH v8 4/4] efi_vars: Implement SPI Flash store

Ilias Apalodimas ilias.apalodimas at linaro.org
Mon Feb 16 13:08:44 CET 2026 

On Mon, 16 Feb 2026 at 13:39, Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
>
> Am 16. Februar 2026 08:24:19 MEZ schrieb Michal Simek <michal.simek at amd.com>:
> >
> >
> >On 2/15/26 09:48, Heinrich Schuchardt wrote:
> >> On 2/11/26 16:56, Michal Simek wrote:
> >>> From: Shantur Rathore <i at shantur.com>
> >>>
> >>> Currently U-Boot uses ESP as storage for EFI variables.
> >>> Devices with SPI Flash are used for storing environment with this
> >>> commit we allow EFI variables to be stored on SPI Flash.
> >>>
> >>> https://github.com/rhboot/efivar
> >>> is not updated to support this location that's why you can mimic it by
> >>> running:
> >>> dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c \
> >>>     of=/tmp/vars skip=4 bs=1
> >>> flashcp /tmp/vars /dev/mtdX
> >>>
> >>> where mtdX should match location defined by
> >>> CONFIG_EFI_VARIABLE_SF_OFFSET/CONFIG_EFI_VAR_BUF_SIZE.
> >>>
> >>> Signed-off-by: Shantur Rathore <i at shantur.com>
> >>> Signed-off-by: Michal Simek <michal.simek at amd.com>
> >>> Tested-by: Neil Armstrong <neil.armstrong at linaro.org> # on AML-S905D3-CC
> >>> Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> >>>
> >>> ---
> >>>
> >>> Changes in v8:
> >>> - Add missing EFI_VARIABLE_SF_STORE dependency to EFI_VARIABLE_SF_DEVICE_INDEX
> >>>
> >>> Changes in v7:
> >>> - sed -i 's/efi_var_from/efi_var_from_storage/g'
> >>>
> >>> Changes in v6:
> >>> - sed -i 's/efi_var_read/efi_var_from/g'
> >>> - sed -i 's/efi_var_write/efi_var_to_storage/g'
> >>>
> >>> Changes in v4:
> >>> - Extend Kconfig description
> >>> - Extend commit message and describe efivar missing part
> >>> - use unify methods for reading/writing variable
> >>>
> >>> Changes in v3:
> >>> - Fixed compiler warnings.
> >>>
> >>> Changes in v2:
> >>> - Refactored efi_var_file to move common parts out as requested
> >>> - Changed ifdefs to use CONFIG_IS_DEFINED
> >>> - Fixed typos
> >>>
> >>>   lib/efi_loader/Kconfig      | 35 +++++++++++++-
> >>>   lib/efi_loader/Makefile     |  1 +
> >>>   lib/efi_loader/efi_var_sf.c | 92 +++++++++++++++++++++++++++++++++++++
> >>>   3 files changed, 127 insertions(+), 1 deletion(-)
> >>>   create mode 100644 lib/efi_loader/efi_var_sf.c
> >>>
> >>> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> >>> index 579eed658801..0f6f927ddaf1 100644
> >>> --- a/lib/efi_loader/Kconfig
> >>> +++ b/lib/efi_loader/Kconfig
> >>> @@ -124,6 +124,24 @@ config EFI_VARIABLE_FILE_STORE
> >>>         Select this option if you want non-volatile UEFI variables to be
> >>>         stored as file /ubootefi.var on the EFI system partition.
> >>> +config EFI_VARIABLE_SF_STORE
> >>> +    bool "Store non-volatile UEFI variables in SPI Flash"
> >>> +    depends on SPI_FLASH
> >>> +    help
> >>> +      Select this option if you want non-volatile UEFI variables to be
> >>> +      stored in SPI Flash.
> >>> +
> >>> +      Define CONFIG_EFI_VARIABLE_SF_OFFSET as offset in SPI Flash to use as
> >>> +      the storage for variables. CONFIG_EFI_VAR_BUF_SIZE defines the space
> >>> +      needed.
> >>> +
> >>> +      Note that SPI Flash devices have a limited number of program/erase
> >>> +      cycles. Frequent updates to UEFI variables may cause excessive wear
> >>> +      and can permanently damage the flash device, particularly on SPI NAND
> >>> +      or low-end SPI NOR parts without wear leveling. This option should be
> >>> +      used with care on such systems, and is not recommended for platforms
> >>> +      where UEFI variables are updated frequently.
> >>> +
> >>>   config EFI_MM_COMM_TEE
> >>>       bool "UEFI variables storage service via the trusted world"
> >>>       depends on OPTEE
> >>> @@ -153,7 +171,7 @@ endchoice
> >>>   config EFI_RT_VOLATILE_STORE
> >>>       bool "Allow variable runtime services in volatile storage (e.g RAM)"
> >>> -    depends on EFI_VARIABLE_FILE_STORE
> >>> +    depends on EFI_VARIABLE_FILE_STORE || EFI_VARIABLE_SF_STORE
> >>
> >> Hello Michal,
> >>
> >> If the backend store is SPI flash, we should not publish the variable "RTStorageVolatile" at runtime as currently defined.
> >>
> >> For the background see this commit for the efivar library:
> >>
> >> https://github.com/rhboot/efivar/commit/68daa04654acbe1bbaa17ebfc23c371b39e69c6b
> >>
> >> The first three patches look correct to me and I will add them to a merge request for efi-next.
> >
> >Do I read it that when I don't allow to select EFI_RT_VOLATILE_STORE you will be fine with the patch itself?
>
> This was my only concern.

Thinking about it again, this is the right thing to do right now.
efivar will try to create a file in the ESP if the speacial variables
in linux are found. So we are better off disabling this option for SPI
variables atm

Cheers
/Ilias
>
> Maybe setting the file name to /dev/mtd/by-name/<partition name> would work with efivar. But I have not tested it.
>
> In U-Boot we could replace EFI_VARIABLE_SF_DEVICE_INDEX, SIZE, and OFFSET by a partition name, too. That way it would be the common device-tree for U-Boot and Linux controlling the placement of the variables store.
>
> >
> >
> >> The usage of efi_var_mem_ins() and efi_var_mem_del() when SetVariable() does not change anything is not flash-friendly. Michal, do you want to have a look at this area?
> >
> >That's known limitation describe in EFI_VARIABLE_SF_STORE Kconfig Note.
>
> This could be a topic for future work.
>
> Best regards
>
> Heinrich
>

More information about the U-Boot mailing list