Embedded boards have hardware limitations when storing and managing EFI
variables. Some hardware comes with an eMMC & an RPMB partition which it
uses to store the EFI variables securely. However, the vast majority of
boards (using U-Boot) store the EFI variables in a file in the ESP.
This has a few limitations:
- UEFI secure boot cannot be enabled as it can be very easily
overridden
- SetVariable at runtime is impossible to support
Distros and capsule updates on-disk do rely on that service though,
and U-Boot does implement a workaround.
U-Boot enables SetVariableRT in the RTPROP table and creates a memory backend,
so the linux kernel can naturally read and write variables via the efivarfs
filesystem. Those reads and writes end up in memory though. So they are visible
while the OS is live and are lost in the event of a reboot.
At the same time it also creates two EFI RO variables:
- RTStorageVolatile -- Holds the filename the variables are stored in,
  relative to the ESP
- VarToFile -- Holds a binary dump of all the EFI variables that should be
  preserved (BS, NV, RT).
By using these two variables we can persist the changes after reboots by
doing:
dd if=/sys/firmware/efi/efivars/VarToFile-b2ac5fc9-92b7-4acd-aeac-11e818c3130c of=/boot/efi/ubootefi.var skip=4 bs=1
So let's plug this functionality into the efivarfs backend and enable it
automatically if those variables are detected.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
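The persistence step the commit message describes, written out as an added example (not code from the commit or from efivar): it reads both variables through efivarfs, strips the 4-byte attribute word that the dd command skips, checks that the file name from RTStorageVolatile stays inside the ESP, and writes the VarToFile dump atomically. It assumes RTStorageVolatile uses the same GUID as VarToFile and stores its name as a NUL-terminated ASCII string; build_demo() creates a constructed stand-in for efivarfs and the ESP so the code runs offline.

```python
import os
import struct
import tempfile
from pathlib import Path

# VarToFile's GUID is from the commit message; reusing it for RTStorageVolatile is an assumption.
RT_VAR_FILE_GUID = "b2ac5fc9-92b7-4acd-aeac-11e818c3130c"
EFI_VARIABLE_RUNTIME_ACCESS = 0x4  # UEFI SetVariable() attribute bit


def read_efivar(efivars_dir, name, guid=RT_VAR_FILE_GUID):
    """Return (attributes, data); efivarfs prefixes a 4-byte LE attribute word (the dd skip=4)."""
    raw = Path(efivars_dir, f"{name}-{guid}").read_bytes()
    if len(raw) < 4:
        raise ValueError(f"{name}: truncated efivarfs entry")
    return struct.unpack("<I", raw[:4])[0], raw[4:]


def persist_uboot_vars(efivars_dir, esp_dir):
    """Write VarToFile's dump to the ESP file that RTStorageVolatile names."""
    attrs, name_raw = read_efivar(efivars_dir, "RTStorageVolatile")
    if not attrs & EFI_VARIABLE_RUNTIME_ACCESS:
        raise ValueError("RTStorageVolatile is not runtime-accessible")
    # Assumption: U-Boot stores the name as a NUL-terminated ASCII string.
    rel_name = name_raw.split(b"\0", 1)[0].decode("ascii")
    esp = Path(esp_dir).resolve()
    target = (esp / rel_name).resolve()
    if esp not in target.parents:  # rejects "../x" and absolute names
        raise ValueError(f"refusing to write outside the ESP: {rel_name}")
    attrs, dump = read_efivar(efivars_dir, "VarToFile")
    if not attrs & EFI_VARIABLE_RUNTIME_ACCESS or not dump:
        raise ValueError("VarToFile is empty or not runtime-accessible")
    # Temp file + rename: a crash mid-write must not leave a half-written
    # variable store for U-Boot to load on the next boot.
    fd, tmp = tempfile.mkstemp(dir=target.parent, prefix=".ubootefi.")
    with os.fdopen(fd, "wb", buffering=0) as f:  # unbuffered, so fsync is complete
        f.write(dump)
        os.fsync(f.fileno())
    os.replace(tmp, target)
    return target


def build_demo(file_name=b"ubootefi.var"):
    """Constructed stand-in for /sys/firmware/efi/efivars and the ESP (not real firmware data)."""
    root = Path(tempfile.mkdtemp())
    efivars, esp = root / "efivars", root / "esp"
    efivars.mkdir(); esp.mkdir()
    (efivars / f"RTStorageVolatile-{RT_VAR_FILE_GUID}").write_bytes(
        struct.pack("<I", 0x6) + file_name + b"\0")  # BS|RT attributes
    (efivars / f"VarToFile-{RT_VAR_FILE_GUID}").write_bytes(
        struct.pack("<I", 0x7) + b"\xde\xad\xbe\xef")  # NV|BS|RT, constructed dump
    return efivars, esp
```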
efivar
Tools and libraries to manipulate EFI variables
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library. If not, see http://www.gnu.org/licenses/.
There is an ABI tracker for this project at ABI Laboratory.
WARNING
You should probably not run "make a brick" ever, unless you're already reasonably sure it won't permanently corrupt your firmware. This is not a joke.