[PATCH v11] efi_vars: Implement SPI Flash store

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Mar 17 10:12:02 CET 2026 

Am 16. März 2026 12:54:56 MEZ schrieb Michal Simek <michal.simek at amd.com>:
>
>
>On 3/14/26 10:19, Heinrich Schuchardt wrote:
>> On 3/13/26 16:45, Michal Simek wrote:
>>> From: Shantur Rathore <i at shantur.com>
>>> 
>>> Currently U-Boot uses ESP as storage for EFI variables.
>>> Devices with SPI Flash are used for storing environment with this
>>> commit we allow EFI variables to be stored on SPI Flash.
>>> 
>>> Signed-off-by: Shantur Rathore <i at shantur.com>
>>> Signed-off-by: Michal Simek <michal.simek at amd.com>
>>> Tested-by: Neil Armstrong <neil.armstrong at linaro.org> # on AML-S905D3-CC
>>> Acked-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
>> 
>> Tested on StarFive VisionFive 2.
>> 
>> Reviewed-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
>> 
>> 
>> The next logical step will be to define a value like RTStorageVolatile and allow to select CONFIG_EFI_RT_VOLATILE_STORE.
>> 
>> One way to define the location would be a SPI flash partition defined in the device-tree. An EFI variable could provide the compatible property of the partition that efivar should write to.
>> 
>>      partitions {
>>          compatible = "fixed-partitions";
>>          #address-cells = <1>;
>>          #size-cells = <1>;
>> 
>>          partition at c0000 {
>>              compatible = "uboot-efivar";
>>              reg = <0xc0000 0x20000>;
>>          };
>>      };
>> 
>> cf. Linux
>> Documentation/devicetree/bindings/mtd/partitions/partition.yaml
>
>Can you clarify your request?
>I mean, yes partition can be defined but that's more or less for OS/efivar.
>U-Boot is using Kconfig parameters to save it to exact location.
>Or are you suggesting that u-boot itself should be also decoding locations from mtd partition (as second configuration method)?

Using the same way to identify the EFI variables storage area could be helpful but is not a must.

The major usages for writing variables from Linux I have seen are:

* updating boot variables
* updating the security database, e.g. dbx
* indicating a capsule update

Updating boot variables will require either a driver in the Linux kernel or support in the efivar package or a runtime driver for writing to the SPI flash.

For updating the EFI security database a secure world driver for the SPI flash would be preferable but that is beyond the scope of the current development.

Best regards

Heinrich

More information about the U-Boot mailing list