Re: [PATCH 0/4] firmware: Add support for Qualcomm UEFI Secure Application
From: Rob Herring
Date: Mon Jul 25 2022 - 15:27:16 EST
On Sun, Jul 24, 2022 at 12:49:45AM +0200, Maximilian Luz wrote:
> On modern Qualcomm platforms, access to EFI variables is restricted to
> the secure world / TrustZone, i.e. the Trusted Execution Environment
> (TrEE or TEE) as Qualcomm seems to call it. To access EFI variables, we
> therefore need to talk to the UEFI Secure Application (uefisecapp),
> residing in the TrEE.
The whole point of UEFI is providing a standard interface. Why can't the
UEFI implementation call the TEE itself?
I'm not sure custom interfaces is something we want.
> This series adds support for accessing EFI variables on those platforms.
>
> To do this, we first need to add some SCM call functions used to manage
> and talk to Secure Applications. A very small subset of this interface
> is added in the second patch (whereas the first one exports the required
> functions for that). Interface specifications are extracted from [1].
> While this does not (yet) support re-entrant SCM calls (including
> callbacks and listeners), this is enough to talk to the aforementioned
> uefisecapp on a couple of platforms (I've tested this on a Surface Pro X
> and heard reports from Lenovo Flex 5G, Lenovo Thinkpad x13s, and Lenovo
> Yoga C630 devices).
What does Windows do on these devices? I'm surprised something like this
would fly with Microsoft.
Rob