On Sun, Jul 24, 2022 at 12:49:45AM +0200, Maximilian Luz wrote:

> On modern Qualcomm platforms, access to EFI variables is restricted to
> the secure world / TrustZone, i.e. the Trusted Execution Environment
> (TrEE or TEE) as Qualcomm seems to call it. To access EFI variables, we
> therefore need to talk to the UEFI Secure Application (uefisecapp),
> residing in the TrEE.

The whole point of UEFI is providing a standard interface. Why can't the
UEFI implementation call the TEE itself? I'm not sure custom interfaces
is something we want.

> This series adds support for accessing EFI variables on those platforms.
>
> To do this, we first need to add some SCM call functions used to manage
> and talk to Secure Applications. A very small subset of this interface
> is added in the second patch (whereas the first one exports the required
> functions for that). Interface specifications are extracted from [1].
> While this does not (yet) support re-entrant SCM calls (including
> callbacks and listeners), this is enough to talk to the aforementioned
> uefisecapp on a couple of platforms (I've tested this on a Surface Pro X
> and heard reports from Lenovo Flex 5G, Lenovo Thinkpad x13s, and Lenovo
> Yoga C630 devices).

What does Windows do on these devices? I'm surprised something like this
would fly with Microsoft.

Rob