13–15 Nov 2023
America/New_York timezone

UEFI Setvariable at runtime -- Problems, status and solutions

15 Nov 2023, 11:30
45m
"Potomac G" (Omni Richmond Hotel)

Birds of a Feather (BoF)

Speaker

Mr Ilias Apalodimas

Description

The UEFI spec mandates that UEFI variables related to the UEFI keyring be stored in non-volatile storage that is tamper- and delete-resistant. On embedded platforms with an RPMB (Replay Protected Memory Block) available, this is supported at boot time in U-Boot (U-Boot has supported this since ~2020). With SystemReady-IR being adopted by various hardware vendors, SetVariable at runtime is becoming a necessity for distro installers and firmware updates.
Due to the complexity of the solution, supporting it while adhering to the UEFI spec is very difficult on certain platforms.

A patchset under review (https://lore.kernel.org/linux-efi/20231013074540.8980-2-masahisa.kojima@linaro.org/) enables SetVariable at runtime for such platforms. It introduces a few dependencies on the kernel and violates the EFI spec.
This session will discuss the implementation, its implications, the current status, and ideas for lifting the kernel dependencies.
