
If OP-TEE is compiled with an EDK2 application running in secure world, it can process and store UEFI variables in an RPMB. Add documentation for the config options enabling this.
Signed-off-by: Ilias Apalodimas ilias.apalodimas@linaro.org --- doc/uefi/uefi.rst | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/doc/uefi/uefi.rst b/doc/uefi/uefi.rst index 4fda00d68721..93b0faadd26e 100644 --- a/doc/uefi/uefi.rst +++ b/doc/uefi/uefi.rst @@ -188,6 +188,16 @@ on the sandbox cd <U-Boot source directory> pytest.py test/py/tests/test_efi_secboot/test_signed.py --bd sandbox
+Using OP-TEE for EFI variables +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If an RPMB and it's drivers is available in U-Boot, OP-TEE can be used for +variable services. +Enabling CONFIG_EFI_MM_COMM_TEE=y will dispatch the variables services to +OP-TEE. OP-TEE needs to be compiled with a secure application (coming from EDK2) +which will process variables in the Secure World and store them in the RPMB +using the OP-TEE supplicant. + Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~
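Review bot: The first sentence of the new "Using OP-TEE for EFI variables" section has a grammar error: "If an RPMB and it's drivers is available" should read "If an RPMB and its drivers are available". The same paragraph switches between "variable services" and "variables services"; pick "variable services" throughout. CONFIG_EFI_MM_COMM_TEE=y would read better as an inline literal (double backticks in reST), so that it stands out as a Kconfig symbol. The commit message promises documentation for "the config options", but the section names only CONFIG_EFI_MM_COMM_TEE. If the RPMB and OP-TEE drivers need their own options enabled, list them here, so that a reader does not end up with a build that selects the TEE backend but has no working storage path behind it. Since the section says the variables are stored "using the OP-TEE supplicant", one more sentence saying which component provides that supplicant function while U-Boot is running would make the storage path clear to anyone assessing where variable data crosses from the Secure World to the normal world.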