mirror of
https://github.com/u-boot/u-boot.git
synced 2025-04-17 10:24:49 +00:00
c28d32f946
When we store EFI variables on file we don't allow SetVariable at runtime,
since the OS doesn't know how to access or write that file. At the same
time keeping the U-Boot drivers alive in runtime sections and performing
writes from the firmware is dangerous -- if at all possible.
For GetVariable at runtime we copy runtime variables in RAM and expose them
to the OS. Add a Kconfig option and provide SetVariable at runtime using
the same memory backend. The OS will be responsible for syncing the RAM
contents to the file, otherwise any changes made during runtime won't
persist reboots.
It's worth noting that the variable store format is defined in EBBR [0]
and authenticated variables are explicitly prohibited, since they have
to be stored on a medium that's tamper and rollback protected.
- pre-patch
$~ mount | grep efiva
efivarfs on /sys/firmware/efi/efivars type efivarfs (ro,nosuid,nodev,noexec,relatime)
$~ efibootmgr -n 0001
Could not set BootNext: Read-only file system
- post-patch
$~ mount | grep efiva
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
$~ efibootmgr -n 0001
BootNext: 0001
BootCurrent: 0000
BootOrder: 0000,0001
Boot0000* debian HD(1,GPT,bdae5610-3331-4e4d-9466-acb5caf0b4a6,0x800,0x100000)/File(EFI\debian\grubaa64.efi)
Boot0001* virtio 0 VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b,0000000000000000)/VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b,850000001f000000)/VenHw(e61d73b9-a384-4acc-aeab-82e828f3628b,1600850000000000){auto_created_boot_option}
$~ efivar -p -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-BootNext
GUID: 8be4df61-93ca-11d2-aa0d-00e098032b8c
Name: "BootNext"
Attributes:
Non-Volatile
Boot Service Access
Runtime Service Access
Value:
00000000 01 00
FWTS runtime results
Skipped tests are for SetVariable which is now supported
'Passed' test is for QueryVariableInfo which is not yet supported
Test: UEFI miscellaneous runtime service interface tests.
Test for UEFI miscellaneous runtime service interfaces 6 skipped
Stress test for UEFI miscellaneous runtime service i.. 1 skipped
Test GetNextHighMonotonicCount with invalid NULL par.. 1 skipped
Test UEFI miscellaneous runtime services unsupported.. 1 passed
Test: UEFI Runtime service variable interface tests.
Test UEFI RT service get variable interface. 1 passed
Test UEFI RT service get next variable name interface. 4 passed
Test UEFI RT service set variable interface. 8 passed
Test UEFI RT service query variable info interface. 1 skipped
Test UEFI RT service variable interface stress test. 2 passed
Test UEFI RT service set variable interface stress t.. 4 passed
Test UEFI RT service query variable info interface s.. 1 skipped
Test UEFI RT service get variable interface, invalid.. 5 passed
Test UEFI RT variable services unsupported status. 1 passed, 3 skipped
[0] https://arm-software.github.io/ebbr/index.html#document-chapter5-variable-storage
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
|
||
|---|---|---|
| .. | ||
| acpi | ||
| aes | ||
| at91 | ||
| blake2 | ||
| bzip2 | ||
| crypt | ||
| crypto | ||
| dhry | ||
| ecdsa | ||
| efi | ||
| efi_driver | ||
| efi_loader | ||
| efi_selftest | ||
| fwu_updates | ||
| libavb | ||
| libfdt | ||
| lzma | ||
| lzo | ||
| optee | ||
| rsa | ||
| zlib | ||
| zstd | ||
| .gitignore | ||
| abuf.c | ||
| addr_map.c | ||
| aes.c | ||
| asm-offsets.c | ||
| asn1_decoder.c | ||
| bch.c | ||
| binman.c | ||
| bitrev.c | ||
| charset.c | ||
| circbuf.c | ||
| crc7.c | ||
| crc8.c | ||
| crc16-ccitt.c | ||
| crc16.c | ||
| crc32.c | ||
| crc32c.c | ||
| ctype.c | ||
| date.c | ||
| display_options.c | ||
| div64.c | ||
| elf.c | ||
| errno.c | ||
| errno_str.c | ||
| fdt-libcrypto.c | ||
| fdtdec.c | ||
| fdtdec_common.c | ||
| fdtdec_test.c | ||
| getopt.c | ||
| gunzip.c | ||
| gzip.c | ||
| hang.c | ||
| hash-checksum.c | ||
| hashtable.c | ||
| hexdump.c | ||
| image-sparse.c | ||
| initcall.c | ||
| Kconfig | ||
| ldiv.c | ||
| linux_compat.c | ||
| linux_string.c | ||
| list_sort.c | ||
| lmb.c | ||
| lz4.c | ||
| lz4_wrapper.c | ||
| Makefile | ||
| md5.c | ||
| membuff.c | ||
| net_utils.c | ||
| of_live.c | ||
| oid_registry.c | ||
| panic.c | ||
| physmem.c | ||
| qsort.c | ||
| rand.c | ||
| rational.c | ||
| rbtree.c | ||
| rc4.c | ||
| rtc-lib.c | ||
| semihosting.c | ||
| sha1.c | ||
| sha256.c | ||
| sha512.c | ||
| slre.c | ||
| smbios-parser.c | ||
| smbios.c | ||
| sscanf.c | ||
| string.c | ||
| strto.c | ||
| tables_csum.c | ||
| time.c | ||
| tiny-printf.c | ||
| tpm-common.c | ||
| tpm-utils.h | ||
| tpm-v1.c | ||
| tpm-v2.c | ||
| tpm_api.c | ||
| trace.c | ||
| uuid.c | ||
| vsprintf.c | ||
| xxhash.c | ||