Attention is currently required from: Benjamin Doron, Nico Huber.

Patrick Georgi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/79095?usp=email )

Change subject: Documentation: Describe how SMMSTORE can be used safely ......................................................................

Patch Set 2:

(2 comments)

Patchset:

PS2:

I've thought more about a possible LOCK command, and I don't think it works for secure boot unfortun […]

UEFI variable stores are whatever the UEFI variable store implementation is choosing them to be.

Since you can have lots of small appended blocks with SMMSTORE, you can have each update in its own transaction. Validate on boot, compact if reasonable, then lock the validated region, and let everything else roam free in the remaining part: either the OS protects you from any mess or the API is dead in the water anyway.

On next reboot, sort things out again, rinse, repeat.

File Documentation/drivers/smmstore.md:

https://review.coreboot.org/c/coreboot/+/79095/comment/66c7ca0d_15caa953 : PS2, Line 145: - while doing so, process authentication data and reject invalid blocks;

I always imagined something with two flash regions: One that is updated […]

There's SMMSTOREv2 that changed a bunch of things, and it might come with two regions already. Since I don't know