On 12/4/25 6:49 AM, Ilias Apalodimas wrote:
> Hi Val,
>
> On Wed, 3 Dec 2025 at 06:29, Val Packett <[email protected]> wrote:
>> On some platforms, EFI variable services only become available when an
>> appropriate TEE driver is initialized such as qseecom, gsmi or stmm.
>> This would work fine when efi_pstore was built as a module and loaded
>> late by userspace, but with CONFIG_EFI_VARS_PSTORE=y this driver would
>> quit due to non-writable efivars before the necessary driver had any
>> chance to load.
>
> The problem, at least for OP-TEE/StMM, is that writing the variables
> to an RPMB depends on a userspace application if CONFIG_RPMB is not
> selected. We have no guarantees that the app will still be alive.
> I don't know how gsmi or qseecom deal with writing variables. We can
> probably allow it for StMM if CONFIG_RPMB is enabled, but we'll have
> the right trigger to do so.

qseecom/uefisecapp does not have any userspace requirements and works
fine with efi_pstore.
I don't think complicating efi_pstore with extra logic about which ops
are fine would be worth it..
Either way, it currently *already* tries to use whatever ops that have
been registered if it's loaded late as a module by systemd! The only
thing this patch changes is the CONFIG_EFI_VARS_PSTORE=y case.
Thanks,
~val