Heinrich Schuchardt <xypron.g...@gmx.de> writes:

> On 3/27/20 9:07 AM, Punit Agrawal wrote:
>> Heinrich Schuchardt <xypron.g...@gmx.de> writes:
>>
>>> Persist non-volatile UEFI variables in a file on the EFI system partition.
>>>
>>> The file is written:
>>>
>>> * whenever a non-volatile UEFI variable is changed after initialization
>>> of the UEFI sub-system.
>>> * upon ExitBootServices()
>>
>> I might be missing something but how does this cope with the ESP being
>> on a storage medium access to which is owned by the OS at runtime? e.g.,
>> partition on eMMC or SATA drive.
>
> This development does not guard against manipulation by the OS.
>
> Ilias is currently working on a solution for ATF based devices that will
> provide secure storage for variables.

Thanks for the clarification.

So the current patches are more RFC material - as it would be worth
seeing the whole picture before things start getting baked in.

I only recently started looking at EFI features in u-boot and am trying
to piece the story together based on the patches in-flight.

Thanks,
Punit

[...]