Hi,

> > The design idea is to reuse the request serialization protocol edk2 uses
>
> I suppose this is a stable protocol. (some parts are set by the UEFI
> spec probably)

Partly yes, partly this is edk2-internal stuff. In theory there is some
freedom to change the internal parts, in practice I have not seen this
changing in incompatible ways so far.

> There doesn't seem to be a defined way to query either side version or
> capability, I suppose this could be added later assuming an initial
> behaviour/magic etc.

There is a 'magic' device register, so should the need arise there is
the option to define a new magic cookie for incompatible changes.

> > An edk2 test branch can be found here (build with "-D QEMU_VARS=TRUE").
> > https://github.com/kraxel/edk2/commits/devel/secure-boot-external-vars
>
> ok, perhaps it would be nice to have some basic unit tests in qemu
> too. Almost none of this new code is exercised by the qemu tests yet.

I have some unit tests, they are using edk2 though. So having unit
tests right from the start is somewhat difficult. I don't feel like
re-implementing the guest side of the serialization protocol for the
qemu unit tests.

Once the edk2 changes have landed in an edk2 stable tag and qemu bundled
firmware has been updated it should be relatively easy to add those
tests to qemu.

With updated edk2 firmware we can also add some end-to-end testing such
as booting a fedora cloud image with secure boot turned on.

take care,
  Gerd