forked from OERV-BSP/u-boot
efi_loader: Implement EFI variable handling via OP-TEE
In OP-TEE we can run EDK2's StandAloneMM on a secure partition. StandAloneMM is responsible for the UEFI variable support. In combination with OP-TEE and its U-Boot supplicant, variables are authenticated/validated in secure world and stored on an RPMB partition.

So let's add a new config option in U-Boot implementing the necessary calls to OP-TEE for the variable management.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
committed by Heinrich Schuchardt
parent 23a397d2e2
commit f042e47e8f
@@ -164,4 +164,13 @@ config EFI_SECURE_BOOT
|
||||
it is signed with a trusted key. To do that, you need to install,
|
||||
at least, PK, KEK and db.
|
||||
|
||||
config EFI_MM_COMM_TEE
|
||||
bool "UEFI variables storage service via OP-TEE"
|
||||
depends on OPTEE
|
||||
default n
|
||||
help
|
||||
If OP-TEE is present and running StandAloneMM, dispatch all UEFI variable
|
||||
related operations to that. The application will verify, authenticate and
|
||||
store the variables on an RPMB.
|
||||
|
||||
endif
|
||||
|
||||
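Review bot: The help text for EFI_MM_COMM_TEE opens with "If OP-TEE is present and running StandAloneMM", which reads as a runtime condition on a compile-time option and leaves open what happens to variable operations when that condition is not met. Please state in the help whether enabling this option replaces the default variable storage outright, and what a user should expect if StandAloneMM is not running, since the point of the option is that variables are verified and authenticated in secure world. The entry only has "depends on OPTEE", while the commit message says storage goes through the U-Boot supplicant to an RPMB partition; either express that requirement as a dependency or mention it in the help. Also, "default n" is redundant for a bool and can be dropped.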