
On Wed, Apr 22, 2020 at 07:51:33PM +0200, Heinrich Schuchardt wrote:
> In subsequent patches UEFI variables shall be stored on the EFI system partition. Hence we need to identify the EFI system partition.
Hi,
I'm sorry, but I'm wondering if this is a good idea. The EFI system partition is just some FAT partition, and if the system is using secure boot and someone happens to manage to mount that partition, then the variables can be changed pretty easily.
Also, I guess changing variables using the Runtime Services would then try to access the partition? What if the OS is accessing the partition as well at the same time?
I'm currently storing the U-Boot environment, including the UEFI Secure Boot environment, on an eMMC partition with a temporary write protect. This means I cannot change the variables with Runtime Services after leaving U-Boot, but it also means that an exploit on my OS doesn't allow the attacker to change the variables, because they are write-protected until the machine reboots and enters U-Boot again.
I hope we will keep the possibility to store the UEFI variables in the U-Boot environment, or in some raw sector on the MMC partition, since otherwise the safety of those variables could be in danger.
Best regards,
Patrick
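The property Patrick relies on above (the partition holding the environment stays read-only until the next power cycle, whatever a compromised OS does) is something the OS side can verify for itself. The following is an added example, not code from this thread or from U-Boot: it decodes the eMMC EXT_CSD register as Linux exposes it in debugfs (`/sys/kernel/debug/mmc0/mmc0:0001/ext_csd`, 512 bytes printed as 1024 hex digits; needs root and a mounted debugfs) and reports whether the active boot area is under power-on or permanent write protection. It assumes the write-protected partition is one of the eMMC boot areas protected via the BOOT_WP register; a write-protect group in the user area is governed by USER_WP and CMD28/CMD29 instead and is not covered. The register layout follows JESD84 (bit names as in the Linux header `include/linux/mmc/mmc.h`); the two sample registers in the block are constructed, not dumps from real hardware.

```c
/* Added example: decode eMMC boot-area write protection from a raw EXT_CSD.
 * Register layout (JESD84; kernel bit names):
 *   EXT_CSD[173] BOOT_WP          bit0 B_PWR_WP_EN, bit2 B_PERM_WP_EN,
 *                                 bit4 B_PERM_WP_DIS, bit6 B_PWR_WP_DIS
 *   EXT_CSD[174] BOOT_WP_STATUS   bits[1:0] boot area 1, bits[3:2] boot area 2:
 *                                 0 = none, 1 = power-on, 2 = permanent
 *   EXT_CSD[179] PARTITION_CONFIG bits[5:3] BOOT_PARTITION_ENABLE (1, 2, 7 = user)
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_CSD_SIZE            512
#define EXT_CSD_BOOT_WP         173
#define EXT_CSD_BOOT_WP_STATUS  174
#define EXT_CSD_PART_CONFIG     179
#define B_PWR_WP_EN   0x01
#define B_PERM_WP_EN  0x04
#define B_PERM_WP_DIS 0x10
#define B_PWR_WP_DIS  0x40

enum wp_state { WP_NONE = 0, WP_POWER_ON = 1, WP_PERMANENT = 2 };

struct boot_wp_report {
    enum wp_state boot1, boot2;  /* protection currently applied to each boot area */
    int active_boot_part;        /* BOOT_PARTITION_ENABLE: 1, 2, or 7 for user area */
    int pwr_wp_can_be_set;       /* 0 once B_PWR_WP_DIS is latched for this power cycle */
    int perm_wp_can_be_set;      /* 0 once B_PERM_WP_DIS is latched (irreversible) */
};

static enum wp_state area_state(uint8_t bits)
{
    switch (bits & 0x3) {
    case 1:  return WP_POWER_ON;
    case 2:  return WP_PERMANENT;
    default: return WP_NONE;     /* 0 = open; 3 is reserved, treat as open */
    }
}

struct boot_wp_report decode_boot_wp(const uint8_t *ext_csd)
{
    struct boot_wp_report r;
    uint8_t wp = ext_csd[EXT_CSD_BOOT_WP];
    uint8_t st = ext_csd[EXT_CSD_BOOT_WP_STATUS];
    r.boot1 = area_state(st);
    r.boot2 = area_state(st >> 2);
    r.active_boot_part = (ext_csd[EXT_CSD_PART_CONFIG] >> 3) & 0x7;
    r.pwr_wp_can_be_set = !(wp & B_PWR_WP_DIS);
    r.perm_wp_can_be_set = !(wp & B_PERM_WP_DIS);
    return r;
}

/* 1 if boot area `part` (1 or 2) cannot be written before the next power cycle. */
int boot_area_locked(const uint8_t *ext_csd, int part)
{
    struct boot_wp_report r = decode_boot_wp(ext_csd);
    enum wp_state s = part == 1 ? r.boot1 : part == 2 ? r.boot2 : WP_NONE;
    return s == WP_POWER_ON || s == WP_PERMANENT;
}

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse the debugfs form: 1024 hex digits, optional trailing newline. */
int parse_ext_csd_hex(const char *hex, uint8_t *out)
{
    for (int i = 0; i < EXT_CSD_SIZE; i++) {
        int hi = hexval(hex[2 * i]), lo = hi < 0 ? -1 : hexval(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;   /* short or corrupt dump */
        out[i] = (uint8_t)(hi << 4 | lo);
    }
    return 0;
}

/* Constructed sample registers (not from real hardware). */
const uint8_t SAMPLE_LOCKED[EXT_CSD_SIZE] = {
    [EXT_CSD_BOOT_WP] = B_PWR_WP_EN | B_PERM_WP_DIS,   /* power-on WP on, permanent WP disabled */
    [EXT_CSD_BOOT_WP_STATUS] = 0x01,                   /* boot area 1 power-on protected */
    [EXT_CSD_PART_CONFIG] = 0x08,                      /* boot from boot area 1 */
};
const uint8_t SAMPLE_OPEN[EXT_CSD_SIZE] = { [EXT_CSD_PART_CONFIG] = 0x08 };

/* Self-check: serialize SAMPLE_LOCKED as debugfs would and parse it back. */
int hex_roundtrip_ok(void)
{
    char hex[2 * EXT_CSD_SIZE + 2];
    uint8_t back[EXT_CSD_SIZE];
    for (int i = 0; i < EXT_CSD_SIZE; i++) sprintf(hex + 2 * i, "%02x", SAMPLE_LOCKED[i]);
    strcat(hex, "\n");
    return parse_ext_csd_hex(hex, back) == 0 && memcmp(back, SAMPLE_LOCKED, EXT_CSD_SIZE) == 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/sys/kernel/debug/mmc0/mmc0:0001/ext_csd";
    char hex[2 * EXT_CSD_SIZE + 2] = {0};
    uint8_t csd[EXT_CSD_SIZE];
    FILE *f = fopen(path, "r");
    if (!f || fread(hex, 1, sizeof hex - 1, f) < 2 * EXT_CSD_SIZE || parse_ext_csd_hex(hex, csd)) {
        fprintf(stderr, "cannot read EXT_CSD from %s\n", path);
        return 2;
    }
    fclose(f);
    struct boot_wp_report r = decode_boot_wp(csd);
    printf("active boot part %d, boot1 wp=%d, boot2 wp=%d, pwr-wp settable=%d\n",
           r.active_boot_part, r.boot1, r.boot2, r.pwr_wp_can_be_set);
    return boot_area_locked(csd, r.active_boot_part) ? 0 : 1;   /* 1 = env is writable from the OS */
}
```

A non-zero exit from the OS means the environment area is open and whatever U-Boot was supposed to lock did not take effect, which is the condition a boot-time integrity check or a monitoring agent should alert on.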