
Heinrich Schuchardt xypron.glpk@gmx.de writes:
On 3/27/20 9:07 AM, Punit Agrawal wrote:
Heinrich Schuchardt xypron.glpk@gmx.de writes:
Persist non-volatile UEFI variables in a file on the EFI system partition.
The file is written:
- whenever a non-volatile UEFI variable is changed after initialization of the UEFI sub-system.
- upon ExitBootServices()
I might be missing something but how does this cope with the ESP being on a storage medium access to which is owned by the OS at runtime? e.g., partition on eMMC or SATA drive.
This development does not guard against manipulation by the OS.
Ilias is currently working on a solution for ATF based devices that will provide secure storage for variables.
Thanks for the clarification.
So the current patches are more RFC material - as it would be worth seeing the whole picture before things start getting baked in.
I only recently started looking at EFI features in u-boot and am trying to piece the story together based on the patches in-flight.
Thanks, Punit
[...]