On 4/2/19 4:36 PM, Matthew Garrett wrote: > On Tue, Apr 2, 2019 at 11:15 AM Claudio Carvalho <cclaudio@xxxxxxxxxxxxx> wrote: >> 1. Enable efivarfs by selecting CONFIG_EFI in the CONFIG_OPAL_SECVAR >> introduced in this patch set. With CONFIG_EFIVAR_FS, userspace tools can >> be used to manage the secure variables. > efivarfs has some pretty significant behavioural semantics that > directly reflect the EFI specification. Using it to expose non-EFI > variable data feels like it's going to increase fragility - there's a > risk that we'll change things in a way that makes sense for the EFI > spec but breaks your use case. Is the desire to use efivarfs to > maintain consistency with existing userland tooling, or just to avoid > having a separate filesystem? > We want to use the efivarfs for compatibility with existing userspace tools. We will track and match any EFI changes that affect us. Our use case is restricted to secure boot - this is not going to be a general purpose EFI variable implementation. Claudio
