From patchwork Wed May 6 19:12:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 245220 List-Id: U-Boot discussion From: ilias.apalodimas at linaro.org (Ilias Apalodimas) Date: Wed, 6 May 2020 22:12:46 +0300 Subject: [PATCH 6/6] doc: uefi.rst: Add OP-TEE variable storage config options In-Reply-To: <20200506191246.237790-1-ilias.apalodimas@linaro.org> References: <20200506191246.237790-1-ilias.apalodimas@linaro.org> Message-ID: <20200506191246.237790-7-ilias.apalodimas@linaro.org> If OP-TEE is compiled with an EDK2 application running in secure world it can process and store UEFI variables in an RPMB. Add documentation for the config options enabling this Signed-off-by: Ilias Apalodimas --- doc/uefi/uefi.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/uefi/uefi.rst b/doc/uefi/uefi.rst index 4fda00d68721..93b0faadd26e 100644 --- a/doc/uefi/uefi.rst +++ b/doc/uefi/uefi.rst @@ -188,6 +188,16 @@ on the sandbox cd pytest.py test/py/tests/test_efi_secboot/test_signed.py --bd sandbox +Using OP-TEE for EFI variables +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +If an RPMB and it's drivers is available in U-Boot, OP-TEE can be used for +variable services. +Enabling CONFIG_EFI_MM_COMM_TEE=y will dispatch the variables services to +OP-TEE. OP-TEE needs to be compiled with a secure application (coming from EDK2) +which will process variables in the Secure World and store them in the RPMB +using the OP-TEE supplicant. + Executing the boot manager ~~~~~~~~~~~~~~~~~~~~~~~~~~
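Review bot: The subject and commit message promise documentation for "config options" (plural), but the added section in doc/uefi/uefi.rst names only CONFIG_EFI_MM_COMM_TEE; if other options must be set alongside it (for the RPMB drivers or OP-TEE support the first sentence depends on), list them in this section, otherwise make the subject singular. In the first added sentence, "If an RPMB and it's drivers is available" should read "If an RPMB and its drivers are available", and "will dispatch the variables services" should match the "variable services" used one line earlier. Consider expanding RPMB on first use and stating how a user can tell that the secure application is missing from the OP-TEE build, since the text states the requirement but not how its absence shows up.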