author Ilias Apalodimas <[email protected]> 2020-05-17 22:25:44 +0300
committer Heinrich Schuchardt <[email protected]> 2020-05-17 21:59:53 +0200
commit f042e47e8fb433a7a1f8a25d997ba0fe74e2db53
tree 9772c55dc5d60b5997b689d6ad112b7f5a62bf28 /lib/efi_loader/Kconfig
parent 23a397d2e2fb136e9b352b6aa0627262314e44a2
efi_loader: Implement EFI variable handling via OP-TEE
In OP-TEE we can run EDK2's StandAloneMM on a secure partition. StandAloneMM is responsible for the UEFI variable support. In combination with OP-TEE and its U-Boot supplicant, variables are authenticated/validated in secure world and stored on an RPMB partition. So let's add a new config option in U-Boot implementing the necessary calls to OP-TEE for the variable management.

Signed-off-by: Ilias Apalodimas <[email protected]>
Signed-off-by: Pipat Methavanitpong <[email protected]>
Signed-off-by: Sughosh Ganu <[email protected]>
Reviewed-by: Heinrich Schuchardt <[email protected]>
Diffstat (limited to 'lib/efi_loader/Kconfig')
-rw-r--r-- lib/efi_loader/Kconfig 9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 1cfa24ffcf7..aad37b71550 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -164,4 +164,13 @@ config EFI_SECURE_BOOT
it is signed with a trusted key. To do that, you need to install,
at least, PK, KEK and db.
+config EFI_MM_COMM_TEE
+ bool "UEFI variables storage service via OP-TEE"
+ depends on OPTEE
+ default n
+ help
+ If OP-TEE is present and running StandAloneMM, dispatch all UEFI variable
+ related operations to that. The application will verify, authenticate and
+ store the variables on an RPMB.
+
endif
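Review bot: `default n` in the new EFI_MM_COMM_TEE entry is redundant, because a Kconfig bool with no default is already n, so that line can be dropped. The help text should also name what it refers to: "dispatch all UEFI variable related operations to that" and "The application" both mean StandAloneMM, and the commit message says the RPMB path relies on the U-Boot supplicant, which `depends on OPTEE` alone does not make visible to someone enabling the option. The help is phrased as a runtime condition ("If OP-TEE is present and running StandAloneMM") while the symbol is a build-time switch, so it would help to state what happens to variable services when the option is enabled but StandAloneMM is not running, and whether there is any fallback to a non-authenticated variable store.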