diff options
author | Patrick Rudolph <patrick.rudolph@9elements.com> | 2021-04-21 10:02:55 +0200 |
---|---|---|
committer | Lean Sheng Tan <sheng.tan@9elements.com> | 2023-04-03 21:13:54 +0000 |
commit | 1ab8ad66d450094a1e429a004fc10e1d4b32bbfb (patch) | |
tree | 8ab10999da640e9a13e0c2e227e6975c7750884e /src/security | |
parent | 389e73a97b34a7565c9354a9e73f26e330675854 (diff) |
drivers/efi: Add EFI variable store option support
Add a driver to read and write EFI variables stored in a region device.
This is particularly useful for EDK2 as payload and allows to reuse
existing EFI tools to set/get options used by the firmware.
The write implementation is fault tolerant and doesn't corrupt the
variable store. A faulting write might result in using the old value
even though a 'newer' had been completely written.
Implemented basic unit tests for header corruption, writing existing
data and append new data into the store.
Initial firmware region state:
Initially the variable store region isn't formatted. Usually this is
done in the EDK2 payload when no valid firmware volume could be found.
It might be useful to do this offline or in coreboot to have a working
option store on the first boot or when it was corrupted.
Performance improvements:
Right now the code always checks if the firmware volume header is valid.
This could be optimised by caching the test result in heap. For write
operations it would be good to cache the end of the variable store in
the heap as well, instead of walking the whole store. For read
operations caching the entire store could be considered.
Reclaiming memory:
The EFI variable store is append write only. To update an existing
variable, first a new is written to the end of the store and then the
previous is marked invalid. This only works on PNOR flash that allow to
clear set bits, but keep cleared bits state.
This mechanisms allows a fault tolerant write, but it also requires to
"clean" the variable store for time to time. This cleaning would remove
variables that have been marked "deleted".
Such cleaning mechanism in turn must be fault tolerant and thus must use
a second partition in the SPI flash as backup/working region.
For now to cleaning is done in coreboot.
Fault checking:
The driver should check if a previous write was successful and if not
mark variables as deleted on the next operation.
Tested and working:
- Enumerate all existing variables
- Read variables
- Write variables
Change-Id: I8079f71d29da5dc2db956fc68bef1486fe3906bb
Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/52564
Reviewed-by: Lean Sheng Tan <sheng.tan@9elements.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/security')
0 files changed, 0 insertions, 0 deletions