diff options
| author | Maximilian Luz <luzmaximilian@gmail.com> | 2023-08-27 23:14:06 +0200 |
|---|---|---|
| committer | Bjorn Andersson <andersson@kernel.org> | 2023-09-13 10:18:42 -0700 |
| commit | 759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9 (patch) | |
| tree | 7718c472d36429152da4fb67d4cf9be433551be2 /drivers/firmware/Kconfig | |
| parent | 00b1248606ba3979ccae30ed11df8cdc1a84245a (diff) | |
firmware: Add support for Qualcomm UEFI Secure Application
On platforms using the Qualcomm UEFI Secure Application (uefisecapp),
EFI variables cannot be accessed via the standard interface in EFI
runtime mode. The respective functions return EFI_UNSUPPORTED. On these
platforms, we instead need to talk to uefisecapp. This commit provides
support for this and registers the respective efivars operations to
access EFI variables from the kernel.
Communication with uefisecapp follows the Qualcomm QSEECOM / Secure OS
conventions via the respective SCM call interface. This is also the
reason why variable access works normally while boot services are
active. During this time, said SCM interface is managed by the boot
services. When calling ExitBootServices(), the ownership is transferred
to the kernel. Therefore, UEFI must not use that interface itself (as
multiple parties accessing this interface at the same time may lead to
complications) and cannot access variables for us.
Signed-off-by: Maximilian Luz <luzmaximilian@gmail.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20230827211408.689076-4-luzmaximilian@gmail.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Diffstat (limited to 'drivers/firmware/Kconfig')
| -rw-r--r-- | drivers/firmware/Kconfig | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/drivers/firmware/Kconfig b/drivers/firmware/Kconfig index 3e41efe494d4..a94202229a71 100644 --- a/drivers/firmware/Kconfig +++ b/drivers/firmware/Kconfig @@ -242,6 +242,22 @@ config QCOM_QSEECOM Select Y here to enable the QSEECOM interface driver. +config QCOM_QSEECOM_UEFISECAPP + bool "Qualcomm SEE UEFI Secure App client driver" + depends on QCOM_QSEECOM + depends on EFI + help + Various Qualcomm SoCs do not allow direct access to EFI variables. + Instead, these need to be accessed via the UEFI Secure Application + (uefisecapp), residing in the Secure Execution Environment (SEE). + + This module provides a client driver for uefisecapp, installing efivar + operations to allow the kernel accessing EFI variables, and via that also + provide user-space with access to EFI variables via efivarfs. + + Select Y here to provide access to EFI variables on the aforementioned + platforms. + config SYSFB bool select BOOT_VESA_SUPPORT |