On Thu, 15 Jan 2026 at 12:02, Peter Robinson <[email protected]> wrote: > > On Thu, 15 Jan 2026 at 08:05, Ilias Apalodimas > <[email protected]> wrote: > > > > Hi Michal > > > > Thanks for taking the time. > > > > [...] > > > > > diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c > > > index be670a8e7c25..feab212b245b 100644 > > > --- a/lib/efi_loader/efi_variable.c > > > +++ b/lib/efi_loader/efi_variable.c > > > @@ -397,11 +397,11 @@ efi_status_t efi_set_variable_int(const u16 > > > *variable_name, > > > ret = EFI_SUCCESS; > > > > > > /* > > > - * Write non-volatile EFI variables to file > > > + * Write non-volatile EFI variables to file or SPI Flash > > > * TODO: check if a value change has occured to avoid superfluous > > > writes > > > */ > > > if (attributes & EFI_VARIABLE_NON_VOLATILE) { > > > -#if CONFIG_IS_ENABLED(EFI_VARIABLE_FILE_STORE) > > > +#if CONFIG_IS_ENABLED(EFI_VARIABLE_FILE_STORE) || > > > CONFIG_IS_ENABLED(EFI_VARIABLE_SF_STORE) > > > efi_var_write(); > > > #else > > > return EFI_NOT_READY; > > > @@ -599,7 +599,7 @@ efi_status_t efi_init_variables(void) > > > if (ret != EFI_SUCCESS) > > > return ret; > > > > > > -#if CONFIG_IS_ENABLED(EFI_VARIABLE_FILE_STORE) > > > +#if CONFIG_IS_ENABLED(EFI_VARIABLE_FILE_STORE) || > > > CONFIG_IS_ENABLED(EFI_VARIABLE_SF_STORE) > > > > So I think this is might to come back and bite us in the future. > > The name of the file is a bit misleading, but efi_variable.c is > > supposed to handle the variables with a file backed storage and > > efi_variable_tee.c is handling the variables when the storage is > > isolated in the secure world. > > The problem is that each case defines the boottime and runtime > > services. The functions that are common across cases live in > > efi_var_common.c. That files defines the boottime and runtime calls, > > by calling the *_int() variants. > > > > The file backed and SPI flash storage seem to have a lot in common. > > e.g they both use the memory backend to expose the vairables the the > > OS, query the available storage etc. But I am not they will end up > > being 100% identical. If they do this approach is ok. But ifthey don't > > it's better to expand the efi_var_sf.c you added and add code for > > efi_variables_boot_exit_notify(), and any *_int() functions that are > > different. > > > > Heinrich any opinions? I'll need to think through the SPI case > > inclduing runtime support before taking this in > > Do we also need to consider the case where the SPI flash remains owned > by the firmware/secure world, and the case where it's handed over to > the OS?
No, we dont have to care about this. If the SPI moves to the secure world, then efi_variable_tee.c will take care of it. This file is basically a glue layer between U-Boot and StMM running in op-tee. So the majority of the works to support this is in OP-TEE & StMM -- add a spi bus driver, spi flash driver etc. I dont expect to change the u-boot part substantially Cheers /Ilias
