efi_loader: Implement EFI variable handling via OP-TEE In OP-TEE we can run EDK2's StandAloneMM on a secure partition. StandAloneMM is responsible for the UEFI variable support. In combination with OP-TEE and it's U-Boot supplicant, variables are authenticated/validated in secure world and stored on an RPMB partition. So let's add a new config option in U-Boot implementing the necessary calls to OP-TEE for the variable management. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com> Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

commit: 77a364f45e2f44c50cf9a8402b87a3c82f4440e8 [log] [tgz]
author: Ilias Apalodimas <ilias.apalodimas@linaro.org> Sun May 17 22:25:44 2020 +0300
committer: Heinrich Schuchardt <xypron.glpk@gmx.de> Sun May 17 21:59:53 2020 +0200
tree: 9772c55dc5d60b5997b689d6ad112b7f5a62bf28
parent: 1f2e4f517ab560b1e7900b2247428ad9072ad452 [diff] [blame]
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 1cfa24f..aad37b7 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig

@@ -164,4 +164,13 @@
 	  it is signed with a trusted key. To do that, you need to install,
 	  at least, PK, KEK and db.
 
+config EFI_MM_COMM_TEE
+	bool "UEFI variables storage service via OP-TEE"
+	depends on OPTEE
+	default n
+	help
+	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI variable
+	  related operations to that. The application will verify, authenticate and
+	  store the variables on an RPMB.
+
 endif
commit	77a364f45e2f44c50cf9a8402b87a3c82f4440e8	[log] [tgz]
author	Ilias Apalodimas <ilias.apalodimas@linaro.org>	Sun May 17 22:25:44 2020 +0300
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>	Sun May 17 21:59:53 2020 +0200
tree	9772c55dc5d60b5997b689d6ad112b7f5a62bf28
parent	1f2e4f517ab560b1e7900b2247428ad9072ad452 [diff] [blame]