On Thu, 15 Jan 2026 at 08:05, Ilias Apalodimas <[email protected]> wrote: > > Hi Michal > > Thanks for taking the time. > > [...] > > > diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c > > index be670a8e7c25..feab212b245b 100644 > > --- a/lib/efi_loader/efi_variable.c > > +++ b/lib/efi_loader/efi_variable.c > > @@ -397,11 +397,11 @@ efi_status_t efi_set_variable_int(const u16 > > *variable_name, > > ret = EFI_SUCCESS; > > > > /* > > - * Write non-volatile EFI variables to file > > + * Write non-volatile EFI variables to file or SPI Flash > > * TODO: check if a value change has occured to avoid superfluous > > writes > > */ > > if (attributes & EFI_VARIABLE_NON_VOLATILE) { > > -#if CONFIG_IS_ENABLED(EFI_VARIABLE_FILE_STORE) > > +#if CONFIG_IS_ENABLED(EFI_VARIABLE_FILE_STORE) || > > CONFIG_IS_ENABLED(EFI_VARIABLE_SF_STORE) > > efi_var_write(); > > #else > > return EFI_NOT_READY; > > @@ -599,7 +599,7 @@ efi_status_t efi_init_variables(void) > > if (ret != EFI_SUCCESS) > > return ret; > > > > -#if CONFIG_IS_ENABLED(EFI_VARIABLE_FILE_STORE) > > +#if CONFIG_IS_ENABLED(EFI_VARIABLE_FILE_STORE) || > > CONFIG_IS_ENABLED(EFI_VARIABLE_SF_STORE) > > So I think this is might to come back and bite us in the future. > The name of the file is a bit misleading, but efi_variable.c is > supposed to handle the variables with a file backed storage and > efi_variable_tee.c is handling the variables when the storage is > isolated in the secure world. > The problem is that each case defines the boottime and runtime > services. The functions that are common across cases live in > efi_var_common.c. That files defines the boottime and runtime calls, > by calling the *_int() variants. > > The file backed and SPI flash storage seem to have a lot in common. > e.g they both use the memory backend to expose the vairables the the > OS, query the available storage etc. But I am not they will end up > being 100% identical. If they do this approach is ok. But ifthey don't > it's better to expand the efi_var_sf.c you added and add code for > efi_variables_boot_exit_notify(), and any *_int() functions that are > different. > > Heinrich any opinions? I'll need to think through the SPI case > inclduing runtime support before taking this in
Do we also need to consider the case where the SPI flash remains owned by the firmware/secure world, and the case where it's handed over to the OS?
