Dear Ilias, In message <20190627070821.GA10271@apalos> you wrote: > > > > > > There have been thoughts about using signed environment storage > > > > > before. This is manageable as long as your environment is read-only. > > > > > But for writing ("env save") you need access to the private key to > > > > > sign the new data. Do you have a good solution for this? > > > I think you are are trying to suggest a common way for U-Boot to > support that, we are not.
Well, if there is a chance to use a common code base, then such an approach is always preferrable over using multiple separate implementations for the same thing. But it's not up to me to decide if you really can or want to utilize the exiting environment code. You decide. But then please make up your mind: _Either_ use the environment code - if so, then please in a way that is ideally useful to others, too, or at least does not hurt others (for example in terms of code size or complexity /maintainability). _Or_ use your own, UEFI specific implementation - but then please don;t meddle with the environment code - instead, leave this unchanged. Feel free to use it as is where it fits your need, or write new, UEFI specific code otherwise. I don't want to see patches that are meddling with the environment code for purposes that have nothing to do with the environment handling in U-Boot. > The plan for us was to split UEFI and U-Boot variables and let StMM > deal will *all* UEFI variables (since that's what the application > does). As Takahiro nicely explained the vast majority of UEFI variables are > not > Authenticated variables. That's perfectly fine with me. But please keep the code base clean. Either use common tools for storage (existing environment code), or use something else (completely new UEFI specific code). Thanks. Best regards, Wolfgang Denk -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de You cannot propel yourself forward by patting yourself on the back. _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot