author: Tom Rini <trini@konsulko.com> 2020-05-18 08:17:29 -0400
committer: Tom Rini <trini@konsulko.com> 2020-05-18 08:17:29 -0400
commit: ed9a3aa6452f57af65eb74f73bd2a54c3a2f4b03 (patch)
tree: 360fcb8e12955e02f8454e5f901d7891cf4168b6 /doc
parent: 515f613253cf0a892c3a321770ab927fa3d925cf (diff)
parent: 7f44c7e281ef228d60625f5acdcbe68a847256bd (diff)
Merge tag 'efi-2020-07-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-efi
Pull request for UEFI sub-system for efi-2020-07-rc3

A series of patches introduces the possibility to manage UEFI variables via an OP-TEE module. CONFIG_EFI_MM_COMM_TEE enables this. If this option is not specified the U-Boot behavior remains unchanged.

A defconfig is provided for compile testing (lx2160ardb_tfa_stmm_defconfig).

An incorrect UEFI memory allocation for fsl-layerscape is fixed.
Diffstat (limited to 'doc')
-rw-r--r-- doc/uefi/uefi.rst | 17
1 file changed, 17 insertions, 0 deletions
diff --git a/doc/uefi/uefi.rst b/doc/uefi/uefi.rst
index 4fda00d6872..03d6fd0c6aa 100644
--- a/doc/uefi/uefi.rst
+++ b/doc/uefi/uefi.rst
@@ -188,6 +188,23 @@ on the sandbox
cd <U-Boot source directory>
pytest.py test/py/tests/test_efi_secboot/test_signed.py --bd sandbox
+Using OP-TEE for EFI variables
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Instead of implementing UEFI variable services inside U-Boot they can
+also be provided in the secure world by a module for OP-TEE[1]. The
+interface between U-Boot and OP-TEE for variable services is enabled by
+CONFIG_EFI_MM_COMM_TEE=y.
+
+Tianocore EDK II's standalone management mode driver for variables can
+be linked to OP-TEE for this purpose. This module uses the Replay
+Protected Memory Block (RPMB) of an eMMC device for persisting
+non-volatile variables. When calling the variable services via the
+OP-TEE API U-Boot's OP-TEE supplicant relays calls to the RPMB driver
+which has to be enabled via CONFIG_SUPPORT_EMMC_RPMB=y.
+
+[1] https://optee.readthedocs.io/ - OP-TEE documentation
+
Executing the boot manager
~~~~~~~~~~~~~~~~~~~~~~~~~~
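Review bot: the citation in this hunk is plain text rather than a reStructuredText footnote, so Sphinx will render "OP-TEE[1]" and the trailing "[1] https://optee.readthedocs.io/ - OP-TEE documentation" literally instead of linking them; write the reference as `OP-TEE [1]_` and the target as `.. [1] https://optee.readthedocs.io/ - OP-TEE documentation`. The dependency chain is also only implied: the text introduces CONFIG_EFI_MM_COMM_TEE=y in the first paragraph and CONFIG_SUPPORT_EMMC_RPMB=y in the second, but a reader cannot tell from the section whether RPMB support is required whenever the TEE interface is enabled or only when the StandaloneMM module is built to persist variables in RPMB; one sentence stating that relationship, plus a pointer to the lx2160ardb_tfa_stmm_defconfig named in the merge message as a known-good configuration, would make the section actionable. Finally, since the motivation for moving variable services into the secure world is that authenticated variables are then stored and replay-protected outside the normal world's reach, it is worth saying so explicitly here rather than leaving the reader to infer it from the mention of RPMB.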