Attention is currently required from: Michał Żygowski, Martin L Roth, Patrick Rudolph, Benjamin Doron, Paul Menzel, Arthur Heymans.
Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/70378 )
Change subject: drivers/smm_payload_interface: Add initial support for SMM payload
Patch Set 11:
(1 comment)
Patchset:
PS11:
We considered moving the variable stack into coreboot, but it would be a lot of work: multiple modules, many libraries, all of it assuming the presence of a UEFI environment.
Into boot-time coreboot or into its SMI handler? And what would be the benefit?
Or are you referring to CB:64072?
Not specifically, I don't know what they are doing there. I'm not talking about FSP.
I mean the very general concept of writing something in flash or memory that the firmware can pick up on the next boot. I've been told once that this would be the proper strategy to validate variables in smmstore.
People have been trying to secure updates to firmware or variables by SMM means for more than two decades and failed. There are better concepts now and I don't see a reason to retrofit failed ones into coreboot.
One example would be vboot. There's a writable space in the firmware flash but its content is only considered by firmware when its signature verifies. The same could be done with efivars, I suppose. Your UEFI payload would have to ignore entries with invalid signatures.
Something like validating the signatures once and then migrating the data into a secured part of the flash would be possible too, but needs a more complex implementation.
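The vboot-style scheme sketched above (a writable region whose entries are honoured only when their signature verifies, everything else ignored) modelled as an added Go example; this is not code from this change or from coreboot, and the entry layout, the Ed25519 key, and the two variable names are assumptions made for the demo.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Entry models one record in the writable variable region: name, data and a
// signature over both, produced by the holder of the signing key.
type Entry struct {
	Name string
	Data []byte
	Sig  []byte
}

// signedPayload is the byte string that is signed and verified; the lengths
// are included so the name/data boundary cannot be shifted undetected.
func signedPayload(name string, data []byte) []byte {
	var n [4]byte
	buf := make([]byte, 0, 8+len(name)+len(data))
	binary.LittleEndian.PutUint32(n[:], uint32(len(name)))
	buf = append(append(buf, n[:]...), name...)
	binary.LittleEndian.PutUint32(n[:], uint32(len(data)))
	return append(append(buf, n[:]...), data...)
}

// SignEntry is the off-device step: the private key holder signs an update.
func SignEntry(priv ed25519.PrivateKey, name string, data []byte) Entry {
	return Entry{Name: name, Data: data, Sig: ed25519.Sign(priv, signedPayload(name, data))}
}

// LoadVerified is the boot-time step: firmware (or the UEFI payload) honours
// only entries verifying against the public key in the read-only image part.
func LoadVerified(pub ed25519.PublicKey, store []Entry) map[string][]byte {
	vars := make(map[string][]byte)
	for _, e := range store {
		if ed25519.Verify(pub, signedPayload(e.Name, e.Data), e.Sig) {
			vars[e.Name] = e.Data
		}
	}
	return vars
}

func main() {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed demo key
	pub := priv.Public().(ed25519.PublicKey)                         // this half lives in RO flash
	store := []Entry{SignEntry(priv, "BootOrder", []byte{1, 0}), SignEntry(priv, "SecureBoot", []byte{1})}
	store[1].Data = []byte{0} // unauthorized in-place edit: its signature is now stale
	fmt.Println(LoadVerified(pub, store)) // only BootOrder survives
}
```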